Cross-Model Anecdotes – full_cve_ids_3.1_header · seed=42 · metric=a
Models: xlnet, lrp-bert, lrp-distilbert

#1 · cve_id CVE-2019-20061 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁user - in tro duction ▁email ▁in MFScripts YetiShare ▁v 3 . 5 . 2 ▁through ▁v 4 . 5 . 4 ▁may ▁leak ▁the ( system - pick ed ) ▁password ▁if ▁this ▁email ▁is ▁sent ▁in cleartext . ▁In ▁other ▁words ▁the ▁user ▁is ▁not ▁allowed ▁to ▁choose ▁their ▁own init ial ▁password . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words the user is not allowed to choose their own initial password.
SHAP (words)
The user- introduction email in MFScripts YetiShare v3. 5. 2 through v4. 5. 4 may leak the ( system- picked) password if this email is sent in cleartext. In other words the user is not allowed to choose their own initial password
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] The user - int rod ##uction email in MFScripts YetiShare v ##3 . 5 . 2 through v ##4 . 5 . 4 may leak the ( system - picked ) password if this email is sent in cleartext . In other words the user is not allowed to choose their own init i ##al password . [SEP]
LRP (+Pred, pos-only)
[CLS] The user - int rod ##uction email in MFScripts YetiShare v ##3 . 5 . 2 through v ##4 . 5 . 4 may leak the ( system - picked ) password if this email is sent in cleartext . In other words the user is not allowed to choose their own init i ##al password . [SEP]
LIME (words)
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words the user is not allowed to choose their own initial password.
SHAP (words)
The user- introduction email in MFScripts YetiShare v3. 5. 2 through v4. 5. 4 may leak the ( system- picked) password if this email is sent in cleartext. In other words the user is not allowed to choose their own initial password
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] The user - int rod ##uction email in MFScripts YetiShare v ##3 . 5 . 2 through v ##4 . 5 . 4 may leak the ( system - picked ) password if this email is sent in cleartext . In other words the user is not allowed to choose their own init i ##al password . [SEP]
LRP (+Pred, pos-only)
[CLS] The user - int rod ##uction email in MFScripts YetiShare v ##3 . 5 . 2 through v ##4 . 5 . 4 may leak the ( system - picked ) password if this email is sent in cleartext . In other words the user is not allowed to choose their own init i ##al password . [SEP]
LIME (words)
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the (system-picked) password if this email is sent in cleartext. In other words the user is not allowed to choose their own initial password.
SHAP (words)
The user- introduction email in MFScripts YetiShare v3. 5. 2 through v4. 5. 4 may leak the ( system- picked) password if this email is sent in cleartext. In other words the user is not allowed to choose their own initial password
#2 · cve_id CVE-2022-23698 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
IG (subwords)
▁A ▁remote unauthenticated ▁di sc los ure ▁of ▁in for matio n ▁vulnerability ▁was ▁di sc ▁over ed ▁in HPE ▁One View ▁version ( s ) : ▁Prior ▁to ▁6 . 6 . HPE ▁has ▁provided ▁a ▁software ▁update ▁to ▁resolve ▁this ▁vulnerability ▁in HPE ▁One View . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
SHAP (words)
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version( s): Prior to 6. 6. HPE has provided a software update to resolve this vulnerability in HPE OneView
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] A remote unauthenticated di sc los ##ure of info ##r matio n vulnerability was di sc over ##ed in HPE One ##V ##ie ##w version ( s ) : Prior to 6 . 6 . HPE has provided a software update to resolve this vulnerability in HPE One ##V ##ie ##w . [SEP]
LRP (+Pred, pos-only)
[CLS] A remote unauthenticated di sc los ##ure of info ##r matio n vulnerability was di sc over ##ed in HPE One ##V ##ie ##w version ( s ) : Prior to 6 . 6 . HPE has provided a software update to resolve this vulnerability in HPE One ##V ##ie ##w . [SEP]
LIME (words)
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
SHAP (words)
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version( s): Prior to 6. 6. HPE has provided a software update to resolve this vulnerability in HPE OneView
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] A remote unauthenticated di sc los ##ure of info ##r matio n vulnerability was di sc over ##ed in HPE One ##V ##ie ##w version ( s ) : Prior to 6 . 6 . HPE has provided a software update to resolve this vulnerability in HPE One ##V ##ie ##w . [SEP]
LRP (+Pred, pos-only)
[CLS] A remote unauthenticated di sc los ##ure of info ##r matio n vulnerability was di sc over ##ed in HPE One ##V ##ie ##w version ( s ) : Prior to 6 . 6 . HPE has provided a software update to resolve this vulnerability in HPE One ##V ##ie ##w . [SEP]
LIME (words)
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version(s): Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView.
SHAP (words)
A remote unauthenticated disclosure of information vulnerability was discovered in HPE OneView version( s): Prior to 6. 6. HPE has provided a software update to resolve this vulnerability in HPE OneView
#3 · cve_id CVE-2022-3008 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
▁The ▁tiny gl t f ▁library ▁uses ▁the ▁C ▁library ▁function ▁word exp ( ) ▁to ▁perform ▁file ▁path ▁expansion ▁on untrusted ▁paths ▁that ▁are ▁provided ▁from ▁the ▁input ▁file . ▁This ▁function ▁allows ▁for ▁command inject ion ▁by ▁using backtick s . ▁An ▁attacker ▁could ▁craft ▁an untrusted ▁path ▁input ▁that ▁would ▁result ▁in ▁a ▁path ▁expansion . ▁We ▁recommend upgrading ▁to ▁2 . 6 . 0 ▁or ▁past ▁commit ▁52 ff 00 a 38 4 47 f 06 a 17 e ab 1 ca a 2 cf 07 30 a 1 19 c 75 1 <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751
SHAP (words)
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2. 6. 0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] The tiny ##g ##lt ##f library uses the C library function word ##ex ##p ( ) to perform file path expansion on untrusted paths that are provided from the input file . This function allows for command inject ion by using backtick s . An attacker could craft an untrusted path input that would result in a path expansion . We recommend upgrading to 2 . 6 . 0 or past commit 52 ##ff ##00 ##a ##38 ##44 ##7 ##f ##0 ##6 ##a ##17 ##ea ##b ##1 ##ca ##a ##2 ##c ##f ##0 ##7 ##30 ##a ##11 ##9 ##c ##75 ##1 [SEP]
LRP (+Pred, pos-only)
[CLS] The tiny ##g ##lt ##f library uses the C library function word ##ex ##p ( ) to perform file path expansion on untrusted paths that are provided from the input file . This function allows for command inject ion by using backtick s . An attacker could craft an untrusted path input that would result in a path expansion . We recommend upgrading to 2 . 6 . 0 or past commit 52 ##ff ##00 ##a ##38 ##44 ##7 ##f ##0 ##6 ##a ##17 ##ea ##b ##1 ##ca ##a ##2 ##c ##f ##0 ##7 ##30 ##a ##11 ##9 ##c ##75 ##1 [SEP]
LIME (words)
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751
SHAP (words)
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2. 6. 0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] The tiny ##g ##lt ##f library uses the C library function word ##ex ##p ( ) to perform file path expansion on untrusted paths that are provided from the input file . This function allows for command inject ion by using backtick s . An attacker could craft an untrusted path input that would result in a path expansion . We recommend upgrading to 2 . 6 . 0 or past commit 52 ##ff ##00 ##a ##38 ##44 ##7 ##f ##0 ##6 ##a ##17 ##ea ##b ##1 ##ca ##a ##2 ##c ##f ##0 ##7 ##30 ##a ##11 ##9 ##c ##75 ##1 [SEP]
LRP (+Pred, pos-only)
[CLS] The tiny ##g ##lt ##f library uses the C library function word ##ex ##p ( ) to perform file path expansion on untrusted paths that are provided from the input file . This function allows for command inject ion by using backtick s . An attacker could craft an untrusted path input that would result in a path expansion . We recommend upgrading to 2 . 6 . 0 or past commit 52 ##ff ##00 ##a ##38 ##44 ##7 ##f ##0 ##6 ##a ##17 ##ea ##b ##1 ##ca ##a ##2 ##c ##f ##0 ##7 ##30 ##a ##11 ##9 ##c ##75 ##1 [SEP]
LIME (words)
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2.6.0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751
SHAP (words)
The tinygltf library uses the C library function wordexp() to perform file path expansion on untrusted paths that are provided from the input file. This function allows for command injection by using backticks. An attacker could craft an untrusted path input that would result in a path expansion. We recommend upgrading to 2. 6. 0 or past commit 52ff00a38447f06a17eab1caa2cf0730a119c751
#4 · cve_id CVE-2020-8997 · a
GT=HIGH (2)
xlnet · Pred=NONE (0) · p=0.96 MIS
IG (subwords)
▁Old er ▁generation ▁Abbott ▁Free St yle ▁Li bre ▁sensors ▁allow ▁remote ▁attackers ▁within ▁close ▁proximity ▁to ▁enable ▁write ▁access ▁to ▁memory ▁via ▁a spec ific ▁NFC ▁unlock ▁command . NOT ▁E : ▁The ▁vulnerability ▁is ▁not ▁present ▁in ▁the ▁Free St yle ▁Li bre ▁14 - day ▁in ▁the ▁U . S ( ann ounce d ▁in ▁August ▁2018 ) ▁and ▁Free St yle ▁Li bre ▁2 ▁out sid e ▁the ▁U . S ( ann ounce d ▁in ▁October ▁2018 ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14-day in the U.S (announced in August 2018) and FreeStyle Libre 2 outside the U.S (announced in October 2018).
SHAP (words)
Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14- day in the U. S ( announced in August 2018) and FreeStyle Libre 2 outside the U. S ( announced in October 2018
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Older generation A ##b bot t Free ##S ##ty ##le Li ##bre sensors allow remote attackers within close proximity to enable w ##r ite access to memory via a spec if ##ic NFC unlock command . NOT E : The vulnerability is not present in the Free ##S ##ty ##le Li ##bre 14 - day in the U . S ( announced in August 2018 ) and Free ##S ##ty ##le Li ##bre 2 out sid e the U . S ( announced in October 2018 ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Older generation A ##b bot t Free ##S ##ty ##le Li ##bre sensors allow remote attackers within close proximity to enable w ##r ite access to memory via a spec if ##ic NFC unlock command . NOT E : The vulnerability is not present in the Free ##S ##ty ##le Li ##bre 14 - day in the U . S ( announced in August 2018 ) and Free ##S ##ty ##le Li ##bre 2 out sid e the U . S ( announced in October 2018 ) . [SEP]
LIME (words)
Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14-day in the U.S (announced in August 2018) and FreeStyle Libre 2 outside the U.S (announced in October 2018).
SHAP (words)
Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14- day in the U. S ( announced in August 2018) and FreeStyle Libre 2 outside the U. S ( announced in October 2018
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Older generation A ##b bot t Free ##S ##ty ##le Li ##bre sensors allow remote attackers within close proximity to enable w ##r ite access to memory via a spec if ##ic NFC unlock command . NOT E : The vulnerability is not present in the Free ##S ##ty ##le Li ##bre 14 - day in the U . S ( announced in August 2018 ) and Free ##S ##ty ##le Li ##bre 2 out sid e the U . S ( announced in October 2018 ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Older generation A ##b bot t Free ##S ##ty ##le Li ##bre sensors allow remote attackers within close proximity to enable w ##r ite access to memory via a spec if ##ic NFC unlock command . NOT E : The vulnerability is not present in the Free ##S ##ty ##le Li ##bre 14 - day in the U . S ( announced in August 2018 ) and Free ##S ##ty ##le Li ##bre 2 out sid e the U . S ( announced in October 2018 ) . [SEP]
LIME (words)
Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14-day in the U.S (announced in August 2018) and FreeStyle Libre 2 outside the U.S (announced in October 2018).
SHAP (words)
Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14- day in the U. S ( announced in August 2018) and FreeStyle Libre 2 outside the U. S ( announced in October 2018
#5 · cve_id CVE-2023-21536 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
IG (subwords)
▁Event Tracing ▁for ▁Windows ▁In for matio n Disclosure Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Event Tracing for Windows Information Disclosure Vulnerability
SHAP (words)
Event Tracing for Windows Information Disclosure Vulnerability
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Event Tracing for Windows In ##fo ##r matio n Disclosure Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Event Tracing for Windows In ##fo ##r matio n Disclosure Vulnerability [SEP]
LIME (words)
Event Tracing for Windows Information Disclosure Vulnerability
SHAP (words)
Event Tracing for Windows Information Disclosure Vulnerability
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Event Tracing for Windows In ##fo ##r matio n Disclosure Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Event Tracing for Windows In ##fo ##r matio n Disclosure Vulnerability [SEP]
LIME (words)
Event Tracing for Windows Information Disclosure Vulnerability
SHAP (words)
Event Tracing for Windows Information Disclosure Vulnerability
#6 · cve_id CVE-2021-32832 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
▁Rocket . Chat ▁is ▁an open-source ▁fully ▁customizable ▁communications ▁platform ▁developed ▁in JavaScript . ▁In ▁Rocket . Chat ▁before ▁versions ▁3 . 11 . 3 ▁3 . 12 . 2 ▁and ▁3 . 13 ▁an ▁issue ▁with ▁certain ▁regular ▁ex pre ssi ▁on s ▁could ▁lead ▁potentially ▁to Denial ▁of ▁Service . ▁This ▁was ▁fixed ▁in ▁versions ▁3 . 11 . 3 ▁3 . 12 . 2 ▁and ▁3 . 13 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3 3.12.2 and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3 3.12.2 and 3.13.
SHAP (words)
Rocket. Chat is an open- source fully customizable communications platform developed in JavaScript. In Rocket. Chat before versions 3. 11. 3 3. 12. 2 and 3. 13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3. 11. 3 3. 12. 2 and 3. 13
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Rocket . Chat is an open-source fully custom ##iza ##ble communications platform dev el ##oped in JavaScript . In Rocket . Chat before versions 3 . 11 . 3 3 . 12 . 2 and 3 . 13 an issue with certain regular ex ##p ##re ssi on ##s could lead potentially to Denial of Service . This was fixed in versions 3 . 11 . 3 3 . 12 . 2 and 3 . 13 . [SEP]
LRP (+Pred, pos-only)
[CLS] Rocket . Chat is an open-source fully custom ##iza ##ble communications platform dev el ##oped in JavaScript . In Rocket . Chat before versions 3 . 11 . 3 3 . 12 . 2 and 3 . 13 an issue with certain regular ex ##p ##re ssi on ##s could lead potentially to Denial of Service . This was fixed in versions 3 . 11 . 3 3 . 12 . 2 and 3 . 13 . [SEP]
LIME (words)
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3 3.12.2 and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3 3.12.2 and 3.13.
SHAP (words)
Rocket. Chat is an open- source fully customizable communications platform developed in JavaScript. In Rocket. Chat before versions 3. 11. 3 3. 12. 2 and 3. 13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3. 11. 3 3. 12. 2 and 3. 13
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Rocket . Chat is an open-source fully custom ##iza ##ble communications platform dev el ##oped in JavaScript . In Rocket . Chat before versions 3 . 11 . 3 3 . 12 . 2 and 3 . 13 an issue with certain regular ex ##p ##re ssi on ##s could lead potentially to Denial of Service . This was fixed in versions 3 . 11 . 3 3 . 12 . 2 and 3 . 13 . [SEP]
LRP (+Pred, pos-only)
[CLS] Rocket . Chat is an open-source fully custom ##iza ##ble communications platform dev el ##oped in JavaScript . In Rocket . Chat before versions 3 . 11 . 3 3 . 12 . 2 and 3 . 13 an issue with certain regular ex ##p ##re ssi on ##s could lead potentially to Denial of Service . This was fixed in versions 3 . 11 . 3 3 . 12 . 2 and 3 . 13 . [SEP]
LIME (words)
Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3 3.12.2 and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3 3.12.2 and 3.13.
SHAP (words)
Rocket. Chat is an open- source fully customizable communications platform developed in JavaScript. In Rocket. Chat before versions 3. 11. 3 3. 12. 2 and 3. 13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3. 11. 3 3. 12. 2 and 3. 13
#7 · cve_id CVE-2022-35526 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
WAV LIN K ▁W N 57 2 HP 3 ▁W N 5 33 A 8 ▁W N 530 H 4 ▁W N 5 35 G 3 ▁W N 53 1 P 3 login . c gi ▁has ▁no ▁filtering ▁on param eter ▁key ▁which ▁leads ▁to ▁command inject ion ▁in ▁page / login . s html . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
WAVLINK WN572HP3 WN533A8 WN530H4 WN535G3 WN531P3 login.cgi has no filtering on parameter key which leads to command injection in page /login.shtml.
SHAP (words)
WAVLINK WN572HP3 WN533A8 WN530H4 WN535G3 WN531P3 login. cgi has no filtering on parameter key which leads to command injection in page / login. shtml
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] WAV L ##IN ##K W ##N ##5 ##7 ##2 ##HP ##3 W ##N ##53 ##3 ##A ##8 W ##N ##53 ##0 ##H ##4 W ##N ##53 ##5 ##G ##3 W ##N ##53 ##1 ##P ##3 login . c ##gi has no filtering on param et ##er key which leads to command inject ion in page / login . s ##ht ##m ##l . [SEP]
LRP (+Pred, pos-only)
[CLS] WAV L ##IN ##K W ##N ##5 ##7 ##2 ##HP ##3 W ##N ##53 ##3 ##A ##8 W ##N ##53 ##0 ##H ##4 W ##N ##53 ##5 ##G ##3 W ##N ##53 ##1 ##P ##3 login . c ##gi has no filtering on param et ##er key which leads to command inject ion in page / login . s ##ht ##m ##l . [SEP]
LIME (words)
WAVLINK WN572HP3 WN533A8 WN530H4 WN535G3 WN531P3 login.cgi has no filtering on parameter key which leads to command injection in page /login.shtml.
SHAP (words)
WAVLINK WN572HP3 WN533A8 WN530H4 WN535G3 WN531P3 login. cgi has no filtering on parameter key which leads to command injection in page / login. shtml
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] WAV L ##IN ##K W ##N ##5 ##7 ##2 ##HP ##3 W ##N ##53 ##3 ##A ##8 W ##N ##53 ##0 ##H ##4 W ##N ##53 ##5 ##G ##3 W ##N ##53 ##1 ##P ##3 login . c ##gi has no filtering on param et ##er key which leads to command inject ion in page / login . s ##ht ##m ##l . [SEP]
LRP (+Pred, pos-only)
[CLS] WAV L ##IN ##K W ##N ##5 ##7 ##2 ##HP ##3 W ##N ##53 ##3 ##A ##8 W ##N ##53 ##0 ##H ##4 W ##N ##53 ##5 ##G ##3 W ##N ##53 ##1 ##P ##3 login . c ##gi has no filtering on param et ##er key which leads to command inject ion in page / login . s ##ht ##m ##l . [SEP]
LIME (words)
WAVLINK WN572HP3 WN533A8 WN530H4 WN535G3 WN531P3 login.cgi has no filtering on parameter key which leads to command injection in page /login.shtml.
SHAP (words)
WAVLINK WN572HP3 WN533A8 WN530H4 WN535G3 WN531P3 login. cgi has no filtering on parameter key which leads to command injection in page / login. shtml
#8 · cve_id CVE-2021-4326 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁A ▁vulnerability ▁in ▁Imp erative ▁framework ▁which ▁allows ▁already - priv ile ged ▁local ▁actors ▁to ▁execute ▁arbitrary ▁shell ▁commands ▁via plugin ▁install / up date ▁commands ▁or maliciously ▁formed ▁environment ▁variables . ▁Imp act s ▁Zo we CLI . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands or maliciously formed environment variables. Impacts Zowe CLI.
SHAP (words)
A vulnerability in Imperative framework which allows already- privileged local actors to execute arbitrary shell commands via plugin install/ update commands or maliciously formed environment variables. Impacts Zowe CLI
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] A vulnerability in I ##mper ##ative framework which allows already - privileged local actors to exec u ##te arbitrary shell commands via plugin install / update commands or maliciously formed environment variables . Impact ##s Z ##ow ##e CLI . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability in I ##mper ##ative framework which allows already - privileged local actors to exec u ##te arbitrary shell commands via plugin install / update commands or maliciously formed environment variables . Impact ##s Z ##ow ##e CLI . [SEP]
LIME (words)
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands or maliciously formed environment variables. Impacts Zowe CLI.
SHAP (words)
A vulnerability in Imperative framework which allows already- privileged local actors to execute arbitrary shell commands via plugin install/ update commands or maliciously formed environment variables. Impacts Zowe CLI
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] A vulnerability in I ##mper ##ative framework which allows already - privileged local actors to exec u ##te arbitrary shell commands via plugin install / update commands or maliciously formed environment variables . Impact ##s Z ##ow ##e CLI . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability in I ##mper ##ative framework which allows already - privileged local actors to exec u ##te arbitrary shell commands via plugin install / update commands or maliciously formed environment variables . Impact ##s Z ##ow ##e CLI . [SEP]
LIME (words)
A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands or maliciously formed environment variables. Impacts Zowe CLI.
SHAP (words)
A vulnerability in Imperative framework which allows already- privileged local actors to execute arbitrary shell commands via plugin install/ update commands or maliciously formed environment variables. Impacts Zowe CLI
#9 · cve_id CVE-2020-14858 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
Vulnerability ▁in ▁the ▁Oracle Hospitality OPERA ▁5 ▁Property ▁Services ▁product ▁of ▁Oracle Hospitality ▁Applications ( com ponent : Logging ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁5 . 5 ▁and ▁5 . 6 . Easily exploitable ▁vulnerability ▁allows ▁high ▁privileged ▁attacker ▁with ▁network ▁access ▁via HTTP ▁to ▁compromise ▁Oracle Hospitality OPERA ▁5 ▁Property ▁Services . Successful ▁attacks ▁require ▁human ▁interaction ▁from ▁a ▁person ▁other ▁than ▁the ▁attacker . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in ▁takeover ▁of ▁Oracle Hospitality OPERA ▁5 ▁Property ▁Services . CVSS ▁3 . 1 ▁Base ▁Score ▁6 . 8 ( Con fid ential ity Integrity ▁and Availability ▁impacts ) . CVSS Vector : ( CVSS : 3 . 1/ AV : N / AC : L / PR : H / UI : R / S : U / C : H / I : H / A : H ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 6.8 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
SHAP (words)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications ( component: Logging). Supported versions that are affected are 5. 5 and 5. 6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3. 1 Base Score 6. 8 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: H/ UI: R/ S: U/ C: H/ I: H/ A: H
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality App l ##ica ##tions ( component : Logging ) . Supported versions that are affected are 5 . 5 and 5 . 6 . Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services . CVSS 3 . 1 Base Score 6 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : H / UI : R / S : U / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality App l ##ica ##tions ( component : Logging ) . Supported versions that are affected are 5 . 5 and 5 . 6 . Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services . CVSS 3 . 1 Base Score 6 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : H / UI : R / S : U / C : H / I : H / A : H ) . [SEP]
LIME (words)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 6.8 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
SHAP (words)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications ( component: Logging). Supported versions that are affected are 5. 5 and 5. 6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3. 1 Base Score 6. 8 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: H/ UI: R/ S: U/ C: H/ I: H/ A: H
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality App l ##ica ##tions ( component : Logging ) . Supported versions that are affected are 5 . 5 and 5 . 6 . Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services . CVSS 3 . 1 Base Score 6 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : H / UI : R / S : U / C : H / I : H / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality App l ##ica ##tions ( component : Logging ) . Supported versions that are affected are 5 . 5 and 5 . 6 . Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services . Successful attacks require human int era ##ction from a person other than the attacker . Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services . CVSS 3 . 1 Base Score 6 . 8 ( Con fid en ##tial ##ity Integrity and Availability impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : H / UI : R / S : U / C : H / I : H / A : H ) . [SEP]
LIME (words)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 6.8 (Confidentiality Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).
SHAP (words)
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications ( component: Logging). Supported versions that are affected are 5. 5 and 5. 6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality OPERA 5 Property Services. CVSS 3. 1 Base Score 6. 8 ( Confidentiality Integrity and Availability impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: H/ UI: R/ S: U/ C: H/ I: H/ A: H
#10 · cve_id CVE-2023-30321 · a
GT=HIGH (2)
xlnet · Pred=NONE (0) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Cross ▁Site Scripting ( XSS ) ▁vulnerability ▁in ▁text Mess age ▁field ▁in / src / cha t bot app / Login Servlet . java ▁in w li ang 6 Chat ▁Engine ▁commit ▁f ded 8 e 7 10 ad 59 f 8 168 67 ad 47 d 7 f c 48 62 f 65 02 f 3 e ▁allows ▁attackers ▁to ▁execute ▁arbitrary ▁code . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e allows attackers to execute arbitrary code.
SHAP (words)
Cross Site Scripting ( XSS) vulnerability in textMessage field in / src/ chatbotapp/ LoginServlet. java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e allows attackers to execute arbitrary code
lrp-bert · Pred=NONE (0) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross S ite Scripting ( XSS ) vulnerability in text ##M ##ess ##age field in / src / chat bot app / Login Servlet . java in w ##lian ##g ##6 Chat Engine commit f ##ded ##8 ##e ##7 ##10 ##ad ##5 ##9 ##f ##8 ##16 ##86 ##7 ##ad ##47 ##d ##7 ##f ##c ##48 ##6 ##2 ##f ##65 ##0 ##2 ##f ##3 ##e allows attackers to exec u ##te arbitrary code . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross S ite Scripting ( XSS ) vulnerability in text ##M ##ess ##age field in / src / chat bot app / Login Servlet . java in w ##lian ##g ##6 Chat Engine commit f ##ded ##8 ##e ##7 ##10 ##ad ##5 ##9 ##f ##8 ##16 ##86 ##7 ##ad ##47 ##d ##7 ##f ##c ##48 ##6 ##2 ##f ##65 ##0 ##2 ##f ##3 ##e allows attackers to exec u ##te arbitrary code . [SEP]
LIME (words)
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e allows attackers to execute arbitrary code.
SHAP (words)
Cross Site Scripting ( XSS) vulnerability in textMessage field in / src/ chatbotapp/ LoginServlet. java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e allows attackers to execute arbitrary code
lrp-distilbert · Pred=NONE (0) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross S ite Scripting ( XSS ) vulnerability in text ##M ##ess ##age field in / src / chat bot app / Login Servlet . java in w ##lian ##g ##6 Chat Engine commit f ##ded ##8 ##e ##7 ##10 ##ad ##5 ##9 ##f ##8 ##16 ##86 ##7 ##ad ##47 ##d ##7 ##f ##c ##48 ##6 ##2 ##f ##65 ##0 ##2 ##f ##3 ##e allows attackers to exec u ##te arbitrary code . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross S ite Scripting ( XSS ) vulnerability in text ##M ##ess ##age field in / src / chat bot app / Login Servlet . java in w ##lian ##g ##6 Chat Engine commit f ##ded ##8 ##e ##7 ##10 ##ad ##5 ##9 ##f ##8 ##16 ##86 ##7 ##ad ##47 ##d ##7 ##f ##c ##48 ##6 ##2 ##f ##65 ##0 ##2 ##f ##3 ##e allows attackers to exec u ##te arbitrary code . [SEP]
LIME (words)
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e allows attackers to execute arbitrary code.
SHAP (words)
Cross Site Scripting ( XSS) vulnerability in textMessage field in / src/ chatbotapp/ LoginServlet. java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e allows attackers to execute arbitrary code
#11 · cve_id CVE-2023-33142 · a
GT=NONE (0)
xlnet · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Microsoft SharePoint ▁Server Elevation ▁of Privilege Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Microsoft SharePoint Server Elevation of Privilege Vulnerability
SHAP (words)
Microsoft SharePoint Server Elevation of Privilege Vulnerability
lrp-bert · Pred=HIGH (2) · p=0.96 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft SharePoint Server Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft SharePoint Server Elevation of Privilege Vulnerability [SEP]
LIME (words)
Microsoft SharePoint Server Elevation of Privilege Vulnerability
SHAP (words)
Microsoft SharePoint Server Elevation of Privilege Vulnerability
lrp-distilbert · Pred=HIGH (2) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft SharePoint Server Elevation of Privilege Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft SharePoint Server Elevation of Privilege Vulnerability [SEP]
LIME (words)
Microsoft SharePoint Server Elevation of Privilege Vulnerability
SHAP (words)
Microsoft SharePoint Server Elevation of Privilege Vulnerability
#12 · cve_id CVE-2021-36625 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An SQL Injection ▁vulnerability ▁exists ▁in Dolibarr ERP / CRM ▁13 . 0 . 2 ( fixed ▁version ▁is ▁14 . 0 . 0 ) ▁via ▁a POST ▁request ▁to ▁the ▁country _ id param eter ▁in ▁an UPDATE ▁statement . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
SHAP (words)
An SQL Injection vulnerability exists in Dolibarr ERP/ CRM 13. 0. 2 ( fixed version is 14. 0. 0) via a POST request to the country_id parameter in an UPDATE statement
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An SQL Injection vulnerability exists in Dolibarr ERP / CRM 13 . 0 . 2 ( fixed version is 14 . 0 . 0 ) via a POST request to the country _ id param et ##er in an UPDATE statement . [SEP]
LRP (+Pred, pos-only)
[CLS] An SQL Injection vulnerability exists in Dolibarr ERP / CRM 13 . 0 . 2 ( fixed version is 14 . 0 . 0 ) via a POST request to the country _ id param et ##er in an UPDATE statement . [SEP]
LIME (words)
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
SHAP (words)
An SQL Injection vulnerability exists in Dolibarr ERP/ CRM 13. 0. 2 ( fixed version is 14. 0. 0) via a POST request to the country_id parameter in an UPDATE statement
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An SQL Injection vulnerability exists in Dolibarr ERP / CRM 13 . 0 . 2 ( fixed version is 14 . 0 . 0 ) via a POST request to the country _ id param et ##er in an UPDATE statement . [SEP]
LRP (+Pred, pos-only)
[CLS] An SQL Injection vulnerability exists in Dolibarr ERP / CRM 13 . 0 . 2 ( fixed version is 14 . 0 . 0 ) via a POST request to the country _ id param et ##er in an UPDATE statement . [SEP]
LIME (words)
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
SHAP (words)
An SQL Injection vulnerability exists in Dolibarr ERP/ CRM 13. 0. 2 ( fixed version is 14. 0. 0) via a POST request to the country_id parameter in an UPDATE statement
#13 · cve_id CVE-2021-32741 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Nextcloud ▁Server ▁is ▁a Nextcloud ▁package ▁that ▁handles ▁data ▁storage . ▁In ▁versions ▁prior ▁to ▁19 . 0 . 13 ▁20 . 0 11 ▁and ▁21 . 0 . 3 ▁there ▁was ▁a ▁lack ▁of ▁rate limit ing ▁on ▁the ▁public ▁share ▁link ▁mount endpoint . ▁This ▁may ▁have ▁allowed ▁an ▁attacker ▁to enumerate ▁potentially ▁valid ▁share tokens . ▁The ▁issue ▁was ▁fixed ▁in ▁versions ▁19 . 0 . 13 ▁20 . 0 . 11 ▁and ▁21 . 0 . 3 . ▁There ▁are ▁no ▁known workarounds . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13 20.011 and 21.0.3 there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13 20.0.11 and 21.0.3. There are no known workarounds.
SHAP (words)
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19. 0. 13 20. 011 and 21. 0. 3 there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19. 0. 13 20. 0. 11 and 21. 0. 3. There are no known workarounds
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Nextcloud Server is a Nextcloud package that handles data storage . In versions prior to 19 . 0 . 13 20 . 01 ##1 and 21 . 0 . 3 there was a lack of rate ##lim ##iting on the public share link mount endpoint . This may have allowed an attacker to enumerate potentially valid share tokens . The issue was fixed in versions 19 . 0 . 13 20 . 0 . 11 and 21 . 0 . 3 . There are no known workarounds . [SEP]
LRP (+Pred, pos-only)
[CLS] Nextcloud Server is a Nextcloud package that handles data storage . In versions prior to 19 . 0 . 13 20 . 01 ##1 and 21 . 0 . 3 there was a lack of rate ##lim ##iting on the public share link mount endpoint . This may have allowed an attacker to enumerate potentially valid share tokens . The issue was fixed in versions 19 . 0 . 13 20 . 0 . 11 and 21 . 0 . 3 . There are no known workarounds . [SEP]
LIME (words)
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13 20.011 and 21.0.3 there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13 20.0.11 and 21.0.3. There are no known workarounds.
SHAP (words)
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19. 0. 13 20. 011 and 21. 0. 3 there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19. 0. 13 20. 0. 11 and 21. 0. 3. There are no known workarounds
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Nextcloud Server is a Nextcloud package that handles data storage . In versions prior to 19 . 0 . 13 20 . 01 ##1 and 21 . 0 . 3 there was a lack of rate ##lim ##iting on the public share link mount endpoint . This may have allowed an attacker to enumerate potentially valid share tokens . The issue was fixed in versions 19 . 0 . 13 20 . 0 . 11 and 21 . 0 . 3 . There are no known workarounds . [SEP]
LRP (+Pred, pos-only)
[CLS] Nextcloud Server is a Nextcloud package that handles data storage . In versions prior to 19 . 0 . 13 20 . 01 ##1 and 21 . 0 . 3 there was a lack of rate ##lim ##iting on the public share link mount endpoint . This may have allowed an attacker to enumerate potentially valid share tokens . The issue was fixed in versions 19 . 0 . 13 20 . 0 . 11 and 21 . 0 . 3 . There are no known workarounds . [SEP]
LIME (words)
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13 20.011 and 21.0.3 there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13 20.0.11 and 21.0.3. There are no known workarounds.
SHAP (words)
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19. 0. 13 20. 011 and 21. 0. 3 there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19. 0. 13 20. 0. 11 and 21. 0. 3. There are no known workarounds
#14 · cve_id CVE-2022-35909 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.93 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁Je lly fin ▁before ▁10 . 8 ▁the / user s endpoint ▁has ▁incorrect ▁access ▁control ▁for admin ▁functionality . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In Jellyfin before 10.8 the /users endpoint has incorrect access control for admin functionality.
SHAP (words)
In Jellyfin before 10. 8 the / users endpoint has incorrect access control for admin functionality
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Je ##lly ##fin before 10 . 8 the / users endpoint has incorrect access control for admin functionality . [SEP]
LRP (+Pred, pos-only)
[CLS] In Je ##lly ##fin before 10 . 8 the / users endpoint has incorrect access control for admin functionality . [SEP]
LIME (words)
In Jellyfin before 10.8 the /users endpoint has incorrect access control for admin functionality.
SHAP (words)
In Jellyfin before 10. 8 the / users endpoint has incorrect access control for admin functionality
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In Je ##lly ##fin before 10 . 8 the / users endpoint has incorrect access control for admin functionality . [SEP]
LRP (+Pred, pos-only)
[CLS] In Je ##lly ##fin before 10 . 8 the / users endpoint has incorrect access control for admin functionality . [SEP]
LIME (words)
In Jellyfin before 10.8 the /users endpoint has incorrect access control for admin functionality.
SHAP (words)
In Jellyfin before 10. 8 the / users endpoint has incorrect access control for admin functionality
#15 · cve_id CVE-2023-26046 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁tele r - wa f ▁is ▁a ▁Go HTTP middleware ▁that ▁provides ▁tele r ▁I DS ▁functionality ▁to ▁protect ▁against web-based ▁attacks . ▁In ▁tele r - wa f ▁prior ▁to ▁version ▁0 . 1 . 1 ▁is ▁vulnerable ▁to bypassing ▁common ▁web ▁attack ▁rules ▁when ▁a spec ific HTML ▁entities ▁payload ▁is ▁used . ▁This ▁vulnerability ▁allows ▁an ▁attacker ▁to ▁execute ▁arbitrary JavaScript ▁code ▁on ▁the ▁victim ' s browse r ▁and ▁compromise ▁the ▁security ▁of ▁the ▁web ▁application . ▁The ▁vulnerability ▁exists ▁due ▁to ▁tele r - wa f ▁failure ▁to ▁properly sanitize ▁and ▁filter HTML ▁entities ▁in ▁user ▁input . ▁An ▁attacker ▁can ▁exploit ▁this ▁vulnerability ▁to ▁bypass ▁common ▁web ▁attack ▁threat ▁rules ▁in ▁tele r - wa f ▁and ▁launch cross-site scripting ( XSS ) ▁attacks . ▁The ▁attacker ▁can ▁execute ▁arbitrary JavaScript ▁code ▁on ▁the ▁victim ' s browse r ▁and ▁steal ▁sensitive ▁in for matio n ▁such ▁as login credential s ▁and se ssi ▁on tokens ▁or ▁take ▁control ▁of ▁the ▁victim ' s browse r ▁and ▁perform malicious ▁actions . ▁This ▁issue ▁has ▁been ▁fixed ▁in ▁version ▁0 . 1 . 1 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information such as login credentials and session tokens or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.
SHAP (words)
teler- waf is a Go HTTP middleware that provides teler IDS functionality to protect against web- based attacks. In teler- waf prior to version 0. 1. 1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim' s browser and compromise the security of the web application. The vulnerability exists due to teler- waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler- waf and launch cross- site scripting ( XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim' s browser and steal sensitive information such as login credentials and session tokens or take control of the victim' s browser and perform malicious actions. This issue has been fixed in version 0. 1. 1
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] te ##ler - wa ##f is a Go HTTP middleware that provides te ##ler ID ##S functionality to protect against web-based attacks . In te ##ler - wa ##f prior to version 0 . 1 . 1 is vulnerable to bypassing common web attack rules when a spec if ##ic HTML entities payload is used . This vulnerability allows an attacker to exec u ##te arbitrary JavaScript code on the victim ' s browse r and compromise the se ##c uri t ##y of the web application . The vulnerability exists due to te ##ler - wa ##f failure to properly sanitize and filter HTML entities in user input . An attacker can exploit this vulnerability to bypass common web attack threat rules in te ##ler - wa ##f and launch cross-site scripting ( XSS ) attacks . The attacker can exec u ##te arbitrary JavaScript code on the victim ' s browse r and steal sensitive info ##r matio n such as login credential s and se ssi on tokens or take control of the victim ' s browse r and perform malicious actions . This issue has been fixed in version 0 . 1 . 1 . [SEP]
LRP (+Pred, pos-only)
[CLS] te ##ler - wa ##f is a Go HTTP middleware that provides te ##ler ID ##S functionality to protect against web-based attacks . In te ##ler - wa ##f prior to version 0 . 1 . 1 is vulnerable to bypassing common web attack rules when a spec if ##ic HTML entities payload is used . This vulnerability allows an attacker to exec u ##te arbitrary JavaScript code on the victim ' s browse r and compromise the se ##c uri t ##y of the web application . The vulnerability exists due to te ##ler - wa ##f failure to properly sanitize and filter HTML entities in user input . An attacker can exploit this vulnerability to bypass common web attack threat rules in te ##ler - wa ##f and launch cross-site scripting ( XSS ) attacks . The attacker can exec u ##te arbitrary JavaScript code on the victim ' s browse r and steal sensitive info ##r matio n such as login credential s and se ssi on tokens or take control of the victim ' s browse r and perform malicious actions . This issue has been fixed in version 0 . 1 . 1 . [SEP]
LIME (words)
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information such as login credentials and session tokens or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.
SHAP (words)
teler- waf is a Go HTTP middleware that provides teler IDS functionality to protect against web- based attacks. In teler- waf prior to version 0. 1. 1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim' s browser and compromise the security of the web application. The vulnerability exists due to teler- waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler- waf and launch cross- site scripting ( XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim' s browser and steal sensitive information such as login credentials and session tokens or take control of the victim' s browser and perform malicious actions. This issue has been fixed in version 0. 1. 1
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] te ##ler - wa ##f is a Go HTTP middleware that provides te ##ler ID ##S functionality to protect against web-based attacks . In te ##ler - wa ##f prior to version 0 . 1 . 1 is vulnerable to bypassing common web attack rules when a spec if ##ic HTML entities payload is used . This vulnerability allows an attacker to exec u ##te arbitrary JavaScript code on the victim ' s browse r and compromise the se ##c uri t ##y of the web application . The vulnerability exists due to te ##ler - wa ##f failure to properly sanitize and filter HTML entities in user input . An attacker can exploit this vulnerability to bypass common web attack threat rules in te ##ler - wa ##f and launch cross-site scripting ( XSS ) attacks . The attacker can exec u ##te arbitrary JavaScript code on the victim ' s browse r and steal sensitive info ##r matio n such as login credential s and se ssi on tokens or take control of the victim ' s browse r and perform malicious actions . This issue has been fixed in version 0 . 1 . 1 . [SEP]
LRP (+Pred, pos-only)
[CLS] te ##ler - wa ##f is a Go HTTP middleware that provides te ##ler ID ##S functionality to protect against web-based attacks . In te ##ler - wa ##f prior to version 0 . 1 . 1 is vulnerable to bypassing common web attack rules when a spec if ##ic HTML entities payload is used . This vulnerability allows an attacker to exec u ##te arbitrary JavaScript code on the victim ' s browse r and compromise the se ##c uri t ##y of the web application . The vulnerability exists due to te ##ler - wa ##f failure to properly sanitize and filter HTML entities in user input . An attacker can exploit this vulnerability to bypass common web attack threat rules in te ##ler - wa ##f and launch cross-site scripting ( XSS ) attacks . The attacker can exec u ##te arbitrary JavaScript code on the victim ' s browse r and steal sensitive info ##r matio n such as login credential s and se ssi on tokens or take control of the victim ' s browse r and perform malicious actions . This issue has been fixed in version 0 . 1 . 1 . [SEP]
LIME (words)
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information such as login credentials and session tokens or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.
SHAP (words)
teler- waf is a Go HTTP middleware that provides teler IDS functionality to protect against web- based attacks. In teler- waf prior to version 0. 1. 1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim' s browser and compromise the security of the web application. The vulnerability exists due to teler- waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler- waf and launch cross- site scripting ( XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim' s browser and steal sensitive information such as login credentials and session tokens or take control of the victim' s browser and perform malicious actions. This issue has been fixed in version 0. 1. 1
#16 · cve_id CVE-2021-44899 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Micro - Star ▁International ( MSI ) ▁Center ▁< = ▁1 . 0 . 31 . 0 ▁is ▁vulnerable ▁to ▁multiple Privilege Escalation vulnerabilities ▁in ▁the ▁at id gl lk . sys ▁at ill k 64 . sys ▁MO DA PI . sys ▁NT IO Lib . sys ▁NT IO Lib _ X 64 . sys ▁Win R ing 0 . sys ▁Win R ing 0 x 64 . sys ▁drivers ▁components . ▁All ▁the vulnerabilities ▁are ▁triggered ▁by ▁sending spec ific IOCTL ▁requests . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys atillk64.sys MODAPI.sys NTIOLib.sys NTIOLib_X64.sys WinRing0.sys WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests.
SHAP (words)
Micro- Star International ( MSI) Center <= 1. 0. 31. 0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk. sys atillk64. sys MODAPI. sys NTIOLib. sys NTIOLib_X64. sys WinRing0. sys WinRing0x64. sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Micro - S tar International ( MSI ) Center < = 1 . 0 . 31 . 0 is vulnerable to m ##ult ip le Privilege Escalation vulnerabilities in the at ##id ##g ##ll ##k . s ##ys at ##ill ##k ##64 . s ##ys M ##OD ##A PI . s ##ys NT IO Li ##b . s ##ys NT IO Li ##b _ X ##64 . s ##ys Win ##R ##ing ##0 . s ##ys Win ##R ##ing ##0 ##x ##64 . s ##ys drivers components . All the vulnerabilities are triggered by sending spec if ##ic IOCTL requests . [SEP]
LRP (+Pred, pos-only)
[CLS] Micro - S tar International ( MSI ) Center < = 1 . 0 . 31 . 0 is vulnerable to m ##ult ip le Privilege Escalation vulnerabilities in the at ##id ##g ##ll ##k . s ##ys at ##ill ##k ##64 . s ##ys M ##OD ##A PI . s ##ys NT IO Li ##b . s ##ys NT IO Li ##b _ X ##64 . s ##ys Win ##R ##ing ##0 . s ##ys Win ##R ##ing ##0 ##x ##64 . s ##ys drivers components . All the vulnerabilities are triggered by sending spec if ##ic IOCTL requests . [SEP]
LIME (words)
Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys atillk64.sys MODAPI.sys NTIOLib.sys NTIOLib_X64.sys WinRing0.sys WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests.
SHAP (words)
Micro- Star International ( MSI) Center <= 1. 0. 31. 0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk. sys atillk64. sys MODAPI. sys NTIOLib. sys NTIOLib_X64. sys WinRing0. sys WinRing0x64. sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Micro - S tar International ( MSI ) Center < = 1 . 0 . 31 . 0 is vulnerable to m ##ult ip le Privilege Escalation vulnerabilities in the at ##id ##g ##ll ##k . s ##ys at ##ill ##k ##64 . s ##ys M ##OD ##A PI . s ##ys NT IO Li ##b . s ##ys NT IO Li ##b _ X ##64 . s ##ys Win ##R ##ing ##0 . s ##ys Win ##R ##ing ##0 ##x ##64 . s ##ys drivers components . All the vulnerabilities are triggered by sending spec if ##ic IOCTL requests . [SEP]
LRP (+Pred, pos-only)
[CLS] Micro - S tar International ( MSI ) Center < = 1 . 0 . 31 . 0 is vulnerable to m ##ult ip le Privilege Escalation vulnerabilities in the at ##id ##g ##ll ##k . s ##ys at ##ill ##k ##64 . s ##ys M ##OD ##A PI . s ##ys NT IO Li ##b . s ##ys NT IO Li ##b _ X ##64 . s ##ys Win ##R ##ing ##0 . s ##ys Win ##R ##ing ##0 ##x ##64 . s ##ys drivers components . All the vulnerabilities are triggered by sending spec if ##ic IOCTL requests . [SEP]
LIME (words)
Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys atillk64.sys MODAPI.sys NTIOLib.sys NTIOLib_X64.sys WinRing0.sys WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests.
SHAP (words)
Micro- Star International ( MSI) Center <= 1. 0. 31. 0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk. sys atillk64. sys MODAPI. sys NTIOLib. sys NTIOLib_X64. sys WinRing0. sys WinRing0x64. sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests
#17 · cve_id CVE-2023-29178 · a
GT=LOW (1)
xlnet · Pred=HIGH (2) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁access ▁of uninitialized pointer ▁vulnerability ▁[ C WE - 8 24 ] ▁in Fortinet FortiProxy ▁version ▁7 . 2 . 0 ▁through ▁7 . 2 . 3 ▁and ▁before ▁7 . 0 . 9 ▁and FortiOS ▁version ▁7 . 2 . 0 ▁through ▁7 . 2 . 4 ▁and ▁before ▁7 . 0 . 11 ▁allows ▁an authenticated ▁attacker ▁to ▁repetitive ly ▁crash ▁the ht t psd ▁process ▁via ▁crafted HTTP ▁or HTTPS ▁requests . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.
SHAP (words)
A access of uninitialized pointer vulnerability [ CWE- 824] in Fortinet FortiProxy version 7. 2. 0 through 7. 2. 3 and before 7. 0. 9 and FortiOS version 7. 2. 0 through 7. 2. 4 and before 7. 0. 11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests
lrp-bert · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A access of uninitialized pointer vulnerability [ CW ##E - 82 ##4 ] in Fortinet FortiProxy version 7 . 2 . 0 through 7 . 2 . 3 and before 7 . 0 . 9 and FortiOS version 7 . 2 . 0 through 7 . 2 . 4 and before 7 . 0 . 11 allows an authenticated attacker to repetitive ##ly crash the h ##tt psd process via crafted HTTP or HTTPS requests . [SEP]
LRP (+Pred, pos-only)
[CLS] A access of uninitialized pointer vulnerability [ CW ##E - 82 ##4 ] in Fortinet FortiProxy version 7 . 2 . 0 through 7 . 2 . 3 and before 7 . 0 . 9 and FortiOS version 7 . 2 . 0 through 7 . 2 . 4 and before 7 . 0 . 11 allows an authenticated attacker to repetitive ##ly crash the h ##tt psd process via crafted HTTP or HTTPS requests . [SEP]
LIME (words)
A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.
SHAP (words)
A access of uninitialized pointer vulnerability [ CWE- 824] in Fortinet FortiProxy version 7. 2. 0 through 7. 2. 3 and before 7. 0. 9 and FortiOS version 7. 2. 0 through 7. 2. 4 and before 7. 0. 11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests
lrp-distilbert · Pred=HIGH (2) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A access of uninitialized pointer vulnerability [ CW ##E - 82 ##4 ] in Fortinet FortiProxy version 7 . 2 . 0 through 7 . 2 . 3 and before 7 . 0 . 9 and FortiOS version 7 . 2 . 0 through 7 . 2 . 4 and before 7 . 0 . 11 allows an authenticated attacker to repetitive ##ly crash the h ##tt psd process via crafted HTTP or HTTPS requests . [SEP]
LRP (+Pred, pos-only)
[CLS] A access of uninitialized pointer vulnerability [ CW ##E - 82 ##4 ] in Fortinet FortiProxy version 7 . 2 . 0 through 7 . 2 . 3 and before 7 . 0 . 9 and FortiOS version 7 . 2 . 0 through 7 . 2 . 4 and before 7 . 0 . 11 allows an authenticated attacker to repetitive ##ly crash the h ##tt psd process via crafted HTTP or HTTPS requests . [SEP]
LIME (words)
A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.
SHAP (words)
A access of uninitialized pointer vulnerability [ CWE- 824] in Fortinet FortiProxy version 7. 2. 0 through 7. 2. 3 and before 7. 0. 9 and FortiOS version 7. 2. 0 through 7. 2. 4 and before 7. 0. 11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests
#18 · cve_id CVE-2020-0955 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁in for matio n ▁di sc los ure ▁vulnerability ▁exists ▁when ▁certain ▁central ▁pro ce ssi ng ▁units ( C PU ) speculative ly ▁access ▁memory aka ' W in dow s Kernel ▁In for matio n Disclosure ▁in ▁CPU ▁Memory ▁Access ' . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory aka 'Windows Kernel Information Disclosure in CPU Memory Access'.
SHAP (words)
An information disclosure vulnerability exists when certain central processing units ( CPU) speculatively access memory aka ' Windows Kernel Information Disclosure in CPU Memory Access
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An info ##r matio n di sc los ##ure vulnerability exists when certain central pro ##ce ssi ng units ( CPU ) speculative l ##y access memory aka ' Windows Kernel In ##fo ##r matio n Disclosure in CPU Memory Access ' . [SEP]
LRP (+Pred, pos-only)
[CLS] An info ##r matio n di sc los ##ure vulnerability exists when certain central pro ##ce ssi ng units ( CPU ) speculative l ##y access memory aka ' Windows Kernel In ##fo ##r matio n Disclosure in CPU Memory Access ' . [SEP]
LIME (words)
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory aka 'Windows Kernel Information Disclosure in CPU Memory Access'.
SHAP (words)
An information disclosure vulnerability exists when certain central processing units ( CPU) speculatively access memory aka ' Windows Kernel Information Disclosure in CPU Memory Access
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An info ##r matio n di sc los ##ure vulnerability exists when certain central pro ##ce ssi ng units ( CPU ) speculative l ##y access memory aka ' Windows Kernel In ##fo ##r matio n Disclosure in CPU Memory Access ' . [SEP]
LRP (+Pred, pos-only)
[CLS] An info ##r matio n di sc los ##ure vulnerability exists when certain central pro ##ce ssi ng units ( CPU ) speculative l ##y access memory aka ' Windows Kernel In ##fo ##r matio n Disclosure in CPU Memory Access ' . [SEP]
LIME (words)
An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory aka 'Windows Kernel Information Disclosure in CPU Memory Access'.
SHAP (words)
An information disclosure vulnerability exists when certain central processing units ( CPU) speculatively access memory aka ' Windows Kernel Information Disclosure in CPU Memory Access
#19 · cve_id CVE-2023-3280 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.93 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁problem ▁with ▁a ▁protection ▁mechanism ▁in ▁the Palo ▁Alto ▁Networks Cortex ▁X DR ▁agent ▁on ▁Windows ▁devices ▁allows ▁a ▁local ▁user ▁to disable ▁the ▁agent . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
SHAP (words)
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent
lrp-bert · Pred=HIGH (2) · p=0.67 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A problem with a protection mechanism in the Palo Alto Networks Cortex X ##DR agent on Windows dev ice ##s allows a local user to disable the agent . [SEP]
LRP (+Pred, pos-only)
[CLS] A problem with a protection mechanism in the Palo Alto Networks Cortex X ##DR agent on Windows dev ice ##s allows a local user to disable the agent . [SEP]
LIME (words)
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
SHAP (words)
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent
lrp-distilbert · Pred=NONE (0) · p=0.81 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A problem with a protection mechanism in the Palo Alto Networks Cortex X ##DR agent on Windows dev ice ##s allows a local user to disable the agent . [SEP]
LRP (+Pred, pos-only)
[CLS] A problem with a protection mechanism in the Palo Alto Networks Cortex X ##DR agent on Windows dev ice ##s allows a local user to disable the agent . [SEP]
LIME (words)
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.
SHAP (words)
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent
#20 · cve_id CVE-2019-2606 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Vulnerability ▁in ▁the MySQL ▁Server ▁component ▁of ▁Oracle MySQL ( sub com ponent : ▁Server : ▁Security : Privileges ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁8 . 0 . 15 ▁and ▁prior . Easily exploitable ▁vulnerability ▁allows ▁high ▁privileged ▁attacker ▁with ▁network ▁access ▁via ▁multiple ▁protocols ▁to ▁compromise MySQL ▁Server . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in unauthorized ▁ability ▁to ▁cause ▁a ▁hang ▁or ▁frequently repeatable ▁crash ( complete ▁DO S ) ▁of MySQL ▁Server . CVSS ▁3 . 0 ▁Base ▁Score ▁4 . 9 ( Availability ▁impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : H / UI : N / S : U / C : N / I : N / A : H ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
SHAP (words)
Vulnerability in the MySQL Server component of Oracle MySQL ( subcomponent: Server: Security: Privileges). Supported versions that are affected are 8. 0. 15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS) of MySQL Server. CVSS 3. 0 Base Score 4. 9 ( Availability impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: L/ PR: H/ UI: N/ S: U/ C: N/ I: N/ A: H
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the MySQL Server component of Oracle MySQL ( sub ##com ##po ##nent : Server : Se ##c uri t ##y : Privileges ) . Supported versions that are affected are 8 . 0 . 15 and prior . Easily exploitable vulnerability allows high privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of MySQL Server . CVSS 3 . 0 Base Score 4 . 9 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : H / UI : N / S : U / C : N / I : N / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the MySQL Server component of Oracle MySQL ( sub ##com ##po ##nent : Server : Se ##c uri t ##y : Privileges ) . Supported versions that are affected are 8 . 0 . 15 and prior . Easily exploitable vulnerability allows high privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of MySQL Server . CVSS 3 . 0 Base Score 4 . 9 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : H / UI : N / S : U / C : N / I : N / A : H ) . [SEP]
LIME (words)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
SHAP (words)
Vulnerability in the MySQL Server component of Oracle MySQL ( subcomponent: Server: Security: Privileges). Supported versions that are affected are 8. 0. 15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS) of MySQL Server. CVSS 3. 0 Base Score 4. 9 ( Availability impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: L/ PR: H/ UI: N/ S: U/ C: N/ I: N/ A: H
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the MySQL Server component of Oracle MySQL ( sub ##com ##po ##nent : Server : Se ##c uri t ##y : Privileges ) . Supported versions that are affected are 8 . 0 . 15 and prior . Easily exploitable vulnerability allows high privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of MySQL Server . CVSS 3 . 0 Base Score 4 . 9 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : H / UI : N / S : U / C : N / I : N / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the MySQL Server component of Oracle MySQL ( sub ##com ##po ##nent : Server : Se ##c uri t ##y : Privileges ) . Supported versions that are affected are 8 . 0 . 15 and prior . Easily exploitable vulnerability allows high privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of MySQL Server . CVSS 3 . 0 Base Score 4 . 9 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : H / UI : N / S : U / C : N / I : N / A : H ) . [SEP]
LIME (words)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
SHAP (words)
Vulnerability in the MySQL Server component of Oracle MySQL ( subcomponent: Server: Security: Privileges). Supported versions that are affected are 8. 0. 15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS) of MySQL Server. CVSS 3. 0 Base Score 4. 9 ( Availability impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: L/ PR: H/ UI: N/ S: U/ C: N/ I: N/ A: H
#21 · cve_id CVE-2022-22571 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An authenticated ▁high ▁privileged ▁user ▁can ▁perform ▁a ▁stored XSS ▁attack ▁due ▁to ▁incorrect ▁output ▁encoding ▁in ▁Inc app tic ▁connect ▁and ▁affects ▁all ▁current ▁versions . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.
SHAP (words)
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Inc ##ap ##ptic connect and affects all current versions . [SEP]
LRP (+Pred, pos-only)
[CLS] An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Inc ##ap ##ptic connect and affects all current versions . [SEP]
LIME (words)
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.
SHAP (words)
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Inc ##ap ##ptic connect and affects all current versions . [SEP]
LRP (+Pred, pos-only)
[CLS] An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Inc ##ap ##ptic connect and affects all current versions . [SEP]
LIME (words)
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions.
SHAP (words)
An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions
#22 · cve_id CVE-2022-26090 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Improper ▁access ▁control ▁vulnerability ▁in ▁Samsung Contacts ▁prior ▁to SMR ▁Apr - 20 22 ▁Release ▁1 ▁allows ▁that ▁attackers ▁can ▁access ▁contact ▁in for matio n ▁without ▁per mi ssi ▁on . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.
SHAP (words)
Improper access control vulnerability in SamsungContacts prior to SMR Apr- 2022 Release 1 allows that attackers can access contact information without permission
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Improper access control vulnerability in Samsung Contacts prior to SMR Apr - 202 ##2 Release 1 allows that attackers can access contact info ##r matio n without per ##mi ssi on . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper access control vulnerability in Samsung Contacts prior to SMR Apr - 202 ##2 Release 1 allows that attackers can access contact info ##r matio n without per ##mi ssi on . [SEP]
LIME (words)
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.
SHAP (words)
Improper access control vulnerability in SamsungContacts prior to SMR Apr- 2022 Release 1 allows that attackers can access contact information without permission
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Improper access control vulnerability in Samsung Contacts prior to SMR Apr - 202 ##2 Release 1 allows that attackers can access contact info ##r matio n without per ##mi ssi on . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper access control vulnerability in Samsung Contacts prior to SMR Apr - 202 ##2 Release 1 allows that attackers can access contact info ##r matio n without per ##mi ssi on . [SEP]
LIME (words)
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.
SHAP (words)
Improper access control vulnerability in SamsungContacts prior to SMR Apr- 2022 Release 1 allows that attackers can access contact information without permission
#23 · cve_id CVE-2017-12664 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
ImageMagick ▁7 . 0 . 6 - 2 ▁has ▁a ▁memory ▁leak ▁vulnerability ▁in Write ▁P ALM ▁Image ▁in coder s / pal m . c . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.
SHAP (words)
ImageMagick 7. 0. 6- 2 has a memory leak vulnerability in WritePALMImage in coders/ palm. c
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] ImageMagick 7 . 0 . 6 - 2 has a memory leak vulnerability in Write P ALM Image in coder s / palm . c . [SEP]
LRP (+Pred, pos-only)
[CLS] ImageMagick 7 . 0 . 6 - 2 has a memory leak vulnerability in Write P ALM Image in coder s / palm . c . [SEP]
LIME (words)
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.
SHAP (words)
ImageMagick 7. 0. 6- 2 has a memory leak vulnerability in WritePALMImage in coders/ palm. c
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] ImageMagick 7 . 0 . 6 - 2 has a memory leak vulnerability in Write P ALM Image in coder s / palm . c . [SEP]
LRP (+Pred, pos-only)
[CLS] ImageMagick 7 . 0 . 6 - 2 has a memory leak vulnerability in Write P ALM Image in coder s / palm . c . [SEP]
LIME (words)
ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage in coders/palm.c.
SHAP (words)
ImageMagick 7. 0. 6- 2 has a memory leak vulnerability in WritePALMImage in coders/ palm. c
#24 · cve_id CVE-2013-7172 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Slack ware ▁13 . 1 ▁13 . 37 ▁14 . 0 ▁and ▁14 . 1 ▁contain world-writable permissions ▁on ▁the io db ▁c test ▁and io db ▁c test w ▁programs ▁within ▁the lib io db ▁c ▁package ▁which ▁could ▁allow ▁local ▁users ▁to ▁use ▁R PATH ▁in for matio n ▁to ▁execute ▁arbitrary ▁code ▁with ▁root ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Slackware 13.1 13.37 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package which could allow local users to use RPATH information to execute arbitrary code with root privileges.
SHAP (words)
Slackware 13. 1 13. 37 14. 0 and 14. 1 contain world- writable permissions on the iodbctest and iodbctestw programs within the libiodbc package which could allow local users to use RPATH information to execute arbitrary code with root privileges
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Slack war ##e 13 . 1 13 . 37 14 . 0 and 14 . 1 contain world-writable permissions on the i ##o db c ##test and i ##o db c ##test ##w programs within the l ##ibi ##o db c package which could allow local users to use RP AT ##H info ##r matio n to exec u ##te arbitrary code with root privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] Slack war ##e 13 . 1 13 . 37 14 . 0 and 14 . 1 contain world-writable permissions on the i ##o db c ##test and i ##o db c ##test ##w programs within the l ##ibi ##o db c package which could allow local users to use RP AT ##H info ##r matio n to exec u ##te arbitrary code with root privileges . [SEP]
LIME (words)
Slackware 13.1 13.37 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package which could allow local users to use RPATH information to execute arbitrary code with root privileges.
SHAP (words)
Slackware 13. 1 13. 37 14. 0 and 14. 1 contain world- writable permissions on the iodbctest and iodbctestw programs within the libiodbc package which could allow local users to use RPATH information to execute arbitrary code with root privileges
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Slack war ##e 13 . 1 13 . 37 14 . 0 and 14 . 1 contain world-writable permissions on the i ##o db c ##test and i ##o db c ##test ##w programs within the l ##ibi ##o db c package which could allow local users to use RP AT ##H info ##r matio n to exec u ##te arbitrary code with root privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] Slack war ##e 13 . 1 13 . 37 14 . 0 and 14 . 1 contain world-writable permissions on the i ##o db c ##test and i ##o db c ##test ##w programs within the l ##ibi ##o db c package which could allow local users to use RP AT ##H info ##r matio n to exec u ##te arbitrary code with root privileges . [SEP]
LIME (words)
Slackware 13.1 13.37 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package which could allow local users to use RPATH information to execute arbitrary code with root privileges.
SHAP (words)
Slackware 13. 1 13. 37 14. 0 and 14. 1 contain world- writable permissions on the iodbctest and iodbctestw programs within the libiodbc package which could allow local users to use RPATH information to execute arbitrary code with root privileges
#25 · cve_id CVE-2013-0293 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
oVirt Node : ▁Lock sc re en ▁accepts ▁F 2 ▁to ▁drop ▁to ▁shell ▁causing ▁privilege escalation <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
SHAP (words)
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] oVirt Node : Lock sc re ##en accepts F ##2 to drop to shell causing privilege escalation [SEP]
LRP (+Pred, pos-only)
[CLS] oVirt Node : Lock sc re ##en accepts F ##2 to drop to shell causing privilege escalation [SEP]
LIME (words)
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
SHAP (words)
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] oVirt Node : Lock sc re ##en accepts F ##2 to drop to shell causing privilege escalation [SEP]
LRP (+Pred, pos-only)
[CLS] oVirt Node : Lock sc re ##en accepts F ##2 to drop to shell causing privilege escalation [SEP]
LIME (words)
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
SHAP (words)
oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation
#26 · cve_id CVE-2014-9720 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.91 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Tor na do ▁before ▁3 . 2 . 2 ▁sends ▁arbitrary ▁responses ▁that ▁contain ▁a ▁fixed CSRF ▁token ▁and ▁may ▁be ▁sent ▁with HTTP ▁comp re ssi ▁on ▁which ▁makes ▁it ▁easier ▁for ▁remote ▁attackers ▁to ▁conduct ▁a ▁B RE ACH ▁attack ▁and ▁determine ▁this ▁token ▁via ▁a ▁series ▁of ▁crafted ▁requests . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
SHAP (words)
Tornado before 3. 2. 2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tor ##nado before 3 . 2 . 2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP com ##p ##re ssi on which makes it easier for remote attackers to conduct a B RE ACH attack and determine this token via a series of crafted requests . [SEP]
LRP (+Pred, pos-only)
[CLS] Tor ##nado before 3 . 2 . 2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP com ##p ##re ssi on which makes it easier for remote attackers to conduct a B RE ACH attack and determine this token via a series of crafted requests . [SEP]
LIME (words)
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
SHAP (words)
Tornado before 3. 2. 2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tor ##nado before 3 . 2 . 2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP com ##p ##re ssi on which makes it easier for remote attackers to conduct a B RE ACH attack and determine this token via a series of crafted requests . [SEP]
LRP (+Pred, pos-only)
[CLS] Tor ##nado before 3 . 2 . 2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP com ##p ##re ssi on which makes it easier for remote attackers to conduct a B RE ACH attack and determine this token via a series of crafted requests . [SEP]
LIME (words)
Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.
SHAP (words)
Tornado before 3. 2. 2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests
#27 · cve_id CVE-2022-35248 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A improper authentication ▁vulnerability ▁exists ▁in ▁Rocket . Chat ▁< v 5 ▁< v 4 . 8 . 2 ▁and ▁< v 4 . 7 . 5 ▁that ▁allowed ▁two ▁factor authentication ▁can ▁be bypassed ▁when ▁telling ▁the ▁server ▁to ▁use CAS ▁during login . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A improper authentication vulnerability exists in Rocket.Chat <v5 <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login.
SHAP (words)
A improper authentication vulnerability exists in Rocket. Chat < v5 < v4. 8. 2 and < v4. 7. 5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login
lrp-bert · Pred=HIGH (2) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A improper authentication vulnerability exists in Rocket . Chat < v ##5 < v ##4 . 8 . 2 and < v ##4 . 7 . 5 that allowed two factor authentication can be bypassed when telling the server to use CAS d uri ng login . [SEP]
LRP (+Pred, pos-only)
[CLS] A improper authentication vulnerability exists in Rocket . Chat < v ##5 < v ##4 . 8 . 2 and < v ##4 . 7 . 5 that allowed two factor authentication can be bypassed when telling the server to use CAS d uri ng login . [SEP]
LIME (words)
A improper authentication vulnerability exists in Rocket.Chat <v5 <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login.
SHAP (words)
A improper authentication vulnerability exists in Rocket. Chat < v5 < v4. 8. 2 and < v4. 7. 5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login
lrp-distilbert · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A improper authentication vulnerability exists in Rocket . Chat < v ##5 < v ##4 . 8 . 2 and < v ##4 . 7 . 5 that allowed two factor authentication can be bypassed when telling the server to use CAS d uri ng login . [SEP]
LRP (+Pred, pos-only)
[CLS] A improper authentication vulnerability exists in Rocket . Chat < v ##5 < v ##4 . 8 . 2 and < v ##4 . 7 . 5 that allowed two factor authentication can be bypassed when telling the server to use CAS d uri ng login . [SEP]
LIME (words)
A improper authentication vulnerability exists in Rocket.Chat <v5 <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login.
SHAP (words)
A improper authentication vulnerability exists in Rocket. Chat < v5 < v4. 8. 2 and < v4. 7. 5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login
#28 · cve_id CVE-2021-32808 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
ck ed itor ▁is ▁an ▁open ▁source WYSIWYG HTML ▁editor ▁with ▁rich ▁content ▁support . ▁A ▁vulnerability ▁has ▁been ▁di sc ▁over ed ▁in ▁the clipboard Widget plugin ▁if ▁used ▁along sid e ▁the undo ▁feature . ▁The ▁vulnerability ▁allows ▁a ▁user ▁to ▁abuse undo ▁functionality ▁using malformed widget HTML ▁which ▁could ▁result ▁in ▁executing JavaScript ▁code . ▁It ▁affects ▁all ▁users ▁using ▁the CKEditor ▁4 plugins ▁listed ▁above ▁at ▁version > = ▁4 . 13 . 0 . ▁The ▁problem ▁has ▁been ▁recognized ▁and patched . ▁The ▁fix ▁will ▁be ▁available ▁in ▁version ▁4 . 16 . 2 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.
SHAP (words)
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4. 13. 0. The problem has been recognized and patched. The fix will be available in version 4. 16. 2
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] c ##ked ##itor is an open source WYSIWYG HTML editor with rich content support . A vulnerability has been di sc over ##ed in the clipboard Widget plugin if used along sid e the und ##o feature . The vulnerability allows a user to abuse und ##o functionality using malformed widget HTML which could result in exec u ##ting JavaScript code . It affects all users using the CKEditor 4 plugins listed above at version > = 4 . 13 . 0 . The problem has been recognized and patched . The fix will be available in version 4 . 16 . 2 . [SEP]
LRP (+Pred, pos-only)
[CLS] c ##ked ##itor is an open source WYSIWYG HTML editor with rich content support . A vulnerability has been di sc over ##ed in the clipboard Widget plugin if used along sid e the und ##o feature . The vulnerability allows a user to abuse und ##o functionality using malformed widget HTML which could result in exec u ##ting JavaScript code . It affects all users using the CKEditor 4 plugins listed above at version > = 4 . 13 . 0 . The problem has been recognized and patched . The fix will be available in version 4 . 16 . 2 . [SEP]
LIME (words)
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.
SHAP (words)
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4. 13. 0. The problem has been recognized and patched. The fix will be available in version 4. 16. 2
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] c ##ked ##itor is an open source WYSIWYG HTML editor with rich content support . A vulnerability has been di sc over ##ed in the clipboard Widget plugin if used along sid e the und ##o feature . The vulnerability allows a user to abuse und ##o functionality using malformed widget HTML which could result in exec u ##ting JavaScript code . It affects all users using the CKEditor 4 plugins listed above at version > = 4 . 13 . 0 . The problem has been recognized and patched . The fix will be available in version 4 . 16 . 2 . [SEP]
LRP (+Pred, pos-only)
[CLS] c ##ked ##itor is an open source WYSIWYG HTML editor with rich content support . A vulnerability has been di sc over ##ed in the clipboard Widget plugin if used along sid e the und ##o feature . The vulnerability allows a user to abuse und ##o functionality using malformed widget HTML which could result in exec u ##ting JavaScript code . It affects all users using the CKEditor 4 plugins listed above at version > = 4 . 13 . 0 . The problem has been recognized and patched . The fix will be available in version 4 . 16 . 2 . [SEP]
LIME (words)
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2.
SHAP (words)
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4. 13. 0. The problem has been recognized and patched. The fix will be available in version 4. 16. 2
#29 · cve_id CVE-2019-11931 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A stack-based ▁buffer overflow ▁could ▁be ▁triggered ▁in WhatsApp ▁by ▁sending ▁a spec i ally ▁crafted ▁MP 4 ▁file ▁to ▁a WhatsApp ▁user . ▁The ▁issue ▁was ▁present ▁in parsing ▁the ▁elementary ▁stream metadata ▁of ▁an ▁MP 4 ▁file ▁and ▁could ▁result ▁in ▁a DoS ▁or RCE . ▁This ▁affects ▁Android ▁versions ▁prior ▁to ▁2 . 19 . 27 4 ▁iOS ▁versions ▁prior ▁to ▁2 . 19 . 100 ▁Enterprise Client ▁versions ▁prior ▁to ▁2 . 25 . 3 ▁Business ▁for ▁Android ▁versions ▁prior ▁to ▁2 . 19 . 10 4 ▁and ▁Business ▁for ▁iOS ▁versions ▁prior ▁to ▁2 . 19 . 100 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274 iOS versions prior to 2.19.100 Enterprise Client versions prior to 2.25.3 Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
SHAP (words)
A stack- based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2. 19. 274 iOS versions prior to 2. 19. 100 Enterprise Client versions prior to 2. 25. 3 Business for Android versions prior to 2. 19. 104 and Business for iOS versions prior to 2. 19. 100
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A stack-based buffer overflow could be triggered in WhatsApp by sending a spec i ##ally crafted MP ##4 file to a WhatsApp user . The issue was present in parsing the el ##em ##en tar y stream metadata of an MP ##4 file and could result in a DoS or RCE . This affects Android versions prior to 2 . 19 . 27 ##4 iOS versions prior to 2 . 19 . 100 Enterprise Client versions prior to 2 . 25 . 3 Business for Android versions prior to 2 . 19 . 104 and Business for iOS versions prior to 2 . 19 . 100 . [SEP]
LRP (+Pred, pos-only)
[CLS] A stack-based buffer overflow could be triggered in WhatsApp by sending a spec i ##ally crafted MP ##4 file to a WhatsApp user . The issue was present in parsing the el ##em ##en tar y stream metadata of an MP ##4 file and could result in a DoS or RCE . This affects Android versions prior to 2 . 19 . 27 ##4 iOS versions prior to 2 . 19 . 100 Enterprise Client versions prior to 2 . 25 . 3 Business for Android versions prior to 2 . 19 . 104 and Business for iOS versions prior to 2 . 19 . 100 . [SEP]
LIME (words)
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274 iOS versions prior to 2.19.100 Enterprise Client versions prior to 2.25.3 Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
SHAP (words)
A stack- based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2. 19. 274 iOS versions prior to 2. 19. 100 Enterprise Client versions prior to 2. 25. 3 Business for Android versions prior to 2. 19. 104 and Business for iOS versions prior to 2. 19. 100
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A stack-based buffer overflow could be triggered in WhatsApp by sending a spec i ##ally crafted MP ##4 file to a WhatsApp user . The issue was present in parsing the el ##em ##en tar y stream metadata of an MP ##4 file and could result in a DoS or RCE . This affects Android versions prior to 2 . 19 . 27 ##4 iOS versions prior to 2 . 19 . 100 Enterprise Client versions prior to 2 . 25 . 3 Business for Android versions prior to 2 . 19 . 104 and Business for iOS versions prior to 2 . 19 . 100 . [SEP]
LRP (+Pred, pos-only)
[CLS] A stack-based buffer overflow could be triggered in WhatsApp by sending a spec i ##ally crafted MP ##4 file to a WhatsApp user . The issue was present in parsing the el ##em ##en tar y stream metadata of an MP ##4 file and could result in a DoS or RCE . This affects Android versions prior to 2 . 19 . 27 ##4 iOS versions prior to 2 . 19 . 100 Enterprise Client versions prior to 2 . 25 . 3 Business for Android versions prior to 2 . 19 . 104 and Business for iOS versions prior to 2 . 19 . 100 . [SEP]
LIME (words)
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274 iOS versions prior to 2.19.100 Enterprise Client versions prior to 2.25.3 Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
SHAP (words)
A stack- based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2. 19. 274 iOS versions prior to 2. 19. 100 Enterprise Client versions prior to 2. 25. 3 Business for Android versions prior to 2. 19. 104 and Business for iOS versions prior to 2. 19. 100
#30 · cve_id CVE-2021-38194 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed ▁in ▁the ark - r 1 c s - st d crate ▁before ▁0 . 3 . 1 ▁for Rust . ▁It ▁does ▁not ▁enforce ▁any constraint s ▁in ▁the ▁Field V ar : : mul _ by _ in verse ▁method . ▁Thus ▁a ▁prove r ▁can ▁produce ▁a ▁proof ▁that ▁is ▁un sound ▁but ▁is ▁nonetheless ▁verified . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus a prover can produce a proof that is unsound but is nonetheless verified.
SHAP (words)
An issue was discovered in the ark- r1cs- std crate before 0. 3. 1 for Rust. It does not enforce any constraints in the FieldVar:: mul_by_inverse method. Thus a prover can produce a proof that is unsound but is nonetheless verified
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in the a ##rk - r ##1 ##cs - s ##t ##d crate before 0 . 3 . 1 for Rust . It does not enforce any constraint s in the Field ##V ##ar : : m ##ul _ by _ inverse method . Thus a prove ##r can produce a proof that is un ##sound but is nonetheless verified . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in the a ##rk - r ##1 ##cs - s ##t ##d crate before 0 . 3 . 1 for Rust . It does not enforce any constraint s in the Field ##V ##ar : : m ##ul _ by _ inverse method . Thus a prove ##r can produce a proof that is un ##sound but is nonetheless verified . [SEP]
LIME (words)
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus a prover can produce a proof that is unsound but is nonetheless verified.
SHAP (words)
An issue was discovered in the ark- r1cs- std crate before 0. 3. 1 for Rust. It does not enforce any constraints in the FieldVar:: mul_by_inverse method. Thus a prover can produce a proof that is unsound but is nonetheless verified
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed in the a ##rk - r ##1 ##cs - s ##t ##d crate before 0 . 3 . 1 for Rust . It does not enforce any constraint s in the Field ##V ##ar : : m ##ul _ by _ inverse method . Thus a prove ##r can produce a proof that is un ##sound but is nonetheless verified . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed in the a ##rk - r ##1 ##cs - s ##t ##d crate before 0 . 3 . 1 for Rust . It does not enforce any constraint s in the Field ##V ##ar : : m ##ul _ by _ inverse method . Thus a prove ##r can produce a proof that is un ##sound but is nonetheless verified . [SEP]
LIME (words)
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus a prover can produce a proof that is unsound but is nonetheless verified.
SHAP (words)
An issue was discovered in the ark- r1cs- std crate before 0. 3. 1 for Rust. It does not enforce any constraints in the FieldVar:: mul_by_inverse method. Thus a prover can produce a proof that is unsound but is nonetheless verified
#31 · cve_id CVE-2021-32522 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.96 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Improper ▁restriction ▁of ▁ex ce ssi ve authentication ▁at temp t s ▁vulnerability ▁in ▁Q SAN Storage Manage r XE VO SAN ▁OS ▁allows ▁remote ▁attackers ▁to ▁di sc ▁over users’ credential s ▁and ▁obtain ▁access ▁via ▁a brute ▁force ▁attack . Suggest ▁contacting ▁with ▁Q SAN ▁and ▁refer ▁to ▁recommendations ▁in ▁Q SAN Document . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager XEVO SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
SHAP (words)
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager XEVO SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN Document
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Improper restriction of ex ##ce ssi ve authentication at temp t ##s vulnerability in Q SAN Storage Manage r XE V ##O SAN OS allows remote attackers to di sc over users’ credential s and obtain access via a brute force attack . Su ##gg ##est contact ##ing with Q SAN and refer to recommendations in Q SAN Document . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper restriction of ex ##ce ssi ve authentication at temp t ##s vulnerability in Q SAN Storage Manage r XE V ##O SAN OS allows remote attackers to di sc over users’ credential s and obtain access via a brute force attack . Su ##gg ##est contact ##ing with Q SAN and refer to recommendations in Q SAN Document . [SEP]
LIME (words)
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager XEVO SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
SHAP (words)
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager XEVO SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN Document
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Improper restriction of ex ##ce ssi ve authentication at temp t ##s vulnerability in Q SAN Storage Manage r XE V ##O SAN OS allows remote attackers to di sc over users’ credential s and obtain access via a brute force attack . Su ##gg ##est contact ##ing with Q SAN and refer to recommendations in Q SAN Document . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper restriction of ex ##ce ssi ve authentication at temp t ##s vulnerability in Q SAN Storage Manage r XE V ##O SAN OS allows remote attackers to di sc over users’ credential s and obtain access via a brute force attack . Su ##gg ##est contact ##ing with Q SAN and refer to recommendations in Q SAN Document . [SEP]
LIME (words)
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager XEVO SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN Document.
SHAP (words)
Improper restriction of excessive authentication attempts vulnerability in QSAN Storage Manager XEVO SANOS allows remote attackers to discover users’ credentials and obtain access via a brute force attack. Suggest contacting with QSAN and refer to recommendations in QSAN Document
#32 · cve_id CVE-2023-2773 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁has ▁been ▁found ▁in ▁code - project s ▁Bus Dispatch ▁and ▁In for matio n ▁System ▁1 . 0 ▁and cla ssi fi ed ▁as ▁critical . Affected ▁by ▁this ▁vulnerability ▁is ▁an ▁unknown ▁functionality ▁of ▁the ▁file ▁view _ admin . php . ▁The ▁manipulation ▁of ▁the ▁argument admin id ▁leads ▁to sql inject ion . ▁The ▁attack ▁can ▁be ▁launched ▁remotely . ▁The ▁exploit ▁has ▁been disclose d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁The ▁associated identifier ▁of ▁this ▁vulnerability ▁is ▁V DB - 229 2 79 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.
SHAP (words)
A vulnerability has been found in code- projects Bus Dispatch and Information System 1. 0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin. php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 229279
lrp-bert · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been found in code - projects Bus Di ##sp ##atch and In ##fo ##r matio n System 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this vulnerability is an unknown functionality of the file view _ admin . php . The man ip ul ##ation of the argument admin id leads to sql inject ion . The attack can be launched remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 229 ##27 ##9 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been found in code - projects Bus Di ##sp ##atch and In ##fo ##r matio n System 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this vulnerability is an unknown functionality of the file view _ admin . php . The man ip ul ##ation of the argument admin id leads to sql inject ion . The attack can be launched remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 229 ##27 ##9 . [SEP]
LIME (words)
A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.
SHAP (words)
A vulnerability has been found in code- projects Bus Dispatch and Information System 1. 0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin. php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 229279
lrp-distilbert · Pred=HIGH (2) · p=0.95 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been found in code - projects Bus Di ##sp ##atch and In ##fo ##r matio n System 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this vulnerability is an unknown functionality of the file view _ admin . php . The man ip ul ##ation of the argument admin id leads to sql inject ion . The attack can be launched remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 229 ##27 ##9 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been found in code - projects Bus Di ##sp ##atch and In ##fo ##r matio n System 1 . 0 and c ##la ssi fi ##ed as critical . Affected by this vulnerability is an unknown functionality of the file view _ admin . php . The man ip ul ##ation of the argument admin id leads to sql inject ion . The attack can be launched remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 229 ##27 ##9 . [SEP]
LIME (words)
A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.
SHAP (words)
A vulnerability has been found in code- projects Bus Dispatch and Information System 1. 0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin. php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 229279
#33 · cve_id CVE-2022-4561 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability cla ssi fi ed ▁as ▁problematic ▁has ▁been ▁found ▁in ▁Se man tic D rill down ▁Extension . Affected ▁is ▁the ▁function ▁print Filter ▁Line ▁of ▁the ▁file ▁includes / spec ial s / SD Browse Data Page . php ▁of ▁the ▁component GET Parameter Handler . ▁The ▁manipulation ▁of ▁the ▁argument ▁value ▁leads ▁to ▁cross ▁site scripting . ▁It ▁is ▁po ssi ble ▁to ▁launch ▁the ▁attack ▁remotely . ▁The ▁name ▁of ▁the ▁patch ▁is ▁6 e 18 cf 7 40 a 45 48 16 6 c 1 d 95 f 6 d 3 a 285 41 d 2 98 a 3 a a . ▁It ▁is ▁recommended ▁to ▁apply ▁a ▁patch ▁to ▁fix ▁this ▁issue . ▁The identifier ▁of ▁this ▁vulnerability ▁is ▁V DB - 2 159 64 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/specials/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215964.
SHAP (words)
A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/ specials/ SDBrowseDataPage. php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB- 215964
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability c ##la ssi fi ##ed as problematic has been found in Se ##man ##tic ##D ##rill ##down Extension . Affected is the function p ##r int Filter Line of the file includes / spec i ##als / SD ##B ##rows ##e ##D ##ata ##P ##age . php of the component GET Parameter Handler . The man ip ul ##ation of the argument value leads to cross s ite scripting . It is p ##o ssi b ##le to launch the attack remotely . The name of the patch is 6 ##e ##18 ##c ##f ##7 ##40 ##a ##45 ##48 ##16 ##6 ##c ##1 ##d ##9 ##5 ##f ##6 ##d ##3 ##a ##28 ##5 ##41 ##d ##29 ##8 ##a ##3 ##aa . It is recommended to apply a patch to fix this issue . The identifier of this vulnerability is V ##D ##B - 215 ##9 ##64 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability c ##la ssi fi ##ed as problematic has been found in Se ##man ##tic ##D ##rill ##down Extension . Affected is the function p ##r int Filter Line of the file includes / spec i ##als / SD ##B ##rows ##e ##D ##ata ##P ##age . php of the component GET Parameter Handler . The man ip ul ##ation of the argument value leads to cross s ite scripting . It is p ##o ssi b ##le to launch the attack remotely . The name of the patch is 6 ##e ##18 ##c ##f ##7 ##40 ##a ##45 ##48 ##16 ##6 ##c ##1 ##d ##9 ##5 ##f ##6 ##d ##3 ##a ##28 ##5 ##41 ##d ##29 ##8 ##a ##3 ##aa . It is recommended to apply a patch to fix this issue . The identifier of this vulnerability is V ##D ##B - 215 ##9 ##64 . [SEP]
LIME (words)
A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/specials/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215964.
SHAP (words)
A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/ specials/ SDBrowseDataPage. php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB- 215964
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability c ##la ssi fi ##ed as problematic has been found in Se ##man ##tic ##D ##rill ##down Extension . Affected is the function p ##r int Filter Line of the file includes / spec i ##als / SD ##B ##rows ##e ##D ##ata ##P ##age . php of the component GET Parameter Handler . The man ip ul ##ation of the argument value leads to cross s ite scripting . It is p ##o ssi b ##le to launch the attack remotely . The name of the patch is 6 ##e ##18 ##c ##f ##7 ##40 ##a ##45 ##48 ##16 ##6 ##c ##1 ##d ##9 ##5 ##f ##6 ##d ##3 ##a ##28 ##5 ##41 ##d ##29 ##8 ##a ##3 ##aa . It is recommended to apply a patch to fix this issue . The identifier of this vulnerability is V ##D ##B - 215 ##9 ##64 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability c ##la ssi fi ##ed as problematic has been found in Se ##man ##tic ##D ##rill ##down Extension . Affected is the function p ##r int Filter Line of the file includes / spec i ##als / SD ##B ##rows ##e ##D ##ata ##P ##age . php of the component GET Parameter Handler . The man ip ul ##ation of the argument value leads to cross s ite scripting . It is p ##o ssi b ##le to launch the attack remotely . The name of the patch is 6 ##e ##18 ##c ##f ##7 ##40 ##a ##45 ##48 ##16 ##6 ##c ##1 ##d ##9 ##5 ##f ##6 ##d ##3 ##a ##28 ##5 ##41 ##d ##29 ##8 ##a ##3 ##aa . It is recommended to apply a patch to fix this issue . The identifier of this vulnerability is V ##D ##B - 215 ##9 ##64 . [SEP]
LIME (words)
A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/specials/SDBrowseDataPage.php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215964.
SHAP (words)
A vulnerability classified as problematic has been found in SemanticDrilldown Extension. Affected is the function printFilterLine of the file includes/ specials/ SDBrowseDataPage. php of the component GET Parameter Handler. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 6e18cf740a4548166c1d95f6d3a28541d298a3aa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB- 215964
#34 · cve_id CVE-2017-18650 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁issue ▁was ▁di sc ▁over ed ▁on ▁Samsung mobi le ▁devices ▁with ▁N ( 7 . x ) ▁software . ▁There ▁is ▁a Wifi ▁State Mac hine ▁Il legal Argument Exception ▁and reboot ▁if ▁a malformed w pa _ s up plica nt . conf ▁is ▁read . ▁The ▁Samsung ▁ID ▁is S VE - 2017 - 98 28 ( October ▁2017 ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An issue was discovered on Samsung mobile devices with N(7.x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant.conf is read. The Samsung ID is SVE-2017-9828 (October 2017).
SHAP (words)
An issue was discovered on Samsung mobile devices with N( 7. x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant. conf is read. The Samsung ID is SVE- 2017- 9828 ( October 2017
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with N ( 7 . x ) software . There is a Wifi State ##M ##achi ##ne Il ##leg ##al Argument Exception and reboot if a malformed w ##pa _ su ##pp ##lica ##nt . con ##f is read . The Samsung ID is SV ##E - 2017 - 98 ##28 ( October 2017 ) . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with N ( 7 . x ) software . There is a Wifi State ##M ##achi ##ne Il ##leg ##al Argument Exception and reboot if a malformed w ##pa _ su ##pp ##lica ##nt . con ##f is read . The Samsung ID is SV ##E - 2017 - 98 ##28 ( October 2017 ) . [SEP]
LIME (words)
An issue was discovered on Samsung mobile devices with N(7.x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant.conf is read. The Samsung ID is SVE-2017-9828 (October 2017).
SHAP (words)
An issue was discovered on Samsung mobile devices with N( 7. x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant. conf is read. The Samsung ID is SVE- 2017- 9828 ( October 2017
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with N ( 7 . x ) software . There is a Wifi State ##M ##achi ##ne Il ##leg ##al Argument Exception and reboot if a malformed w ##pa _ su ##pp ##lica ##nt . con ##f is read . The Samsung ID is SV ##E - 2017 - 98 ##28 ( October 2017 ) . [SEP]
LRP (+Pred, pos-only)
[CLS] An issue was di sc over ##ed on Samsung mobi le dev ice ##s with N ( 7 . x ) software . There is a Wifi State ##M ##achi ##ne Il ##leg ##al Argument Exception and reboot if a malformed w ##pa _ su ##pp ##lica ##nt . con ##f is read . The Samsung ID is SV ##E - 2017 - 98 ##28 ( October 2017 ) . [SEP]
LIME (words)
An issue was discovered on Samsung mobile devices with N(7.x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant.conf is read. The Samsung ID is SVE-2017-9828 (October 2017).
SHAP (words)
An issue was discovered on Samsung mobile devices with N( 7. x) software. There is a WifiStateMachine IllegalArgumentException and reboot if a malformed wpa_supplicant. conf is read. The Samsung ID is SVE- 2017- 9828 ( October 2017
#35 · cve_id CVE-2021-41104 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.91 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
ESP Home ▁is ▁a ▁system ▁to ▁control ▁the ESP 82 66 / ESP 32 . ▁Anyone ▁with ▁web _ server ▁enabled ▁and HTTP ▁basic auth configured ▁on ▁version ▁20 21 . 9 . 1 ▁or ▁older ▁is ▁vulnerable ▁to ▁an ▁issue ▁in ▁which ▁` web _ server ` ▁allows over-the-air ( OTA ) ▁updates ▁without ▁checking ▁user ▁defined ▁basic auth username ▁& ▁password . ▁This ▁issue ▁is patched ▁in ▁version ▁20 21 . 9 . 2 . ▁As ▁a workaround ▁one ▁may disable ▁or ▁remove ▁` web _ server ` . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021.9.2. As a workaround one may disable or remove `web_server`.
SHAP (words)
ESPHome is a system to control the ESP8266/ ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021. 9. 1 or older is vulnerable to an issue in which ` web_server` allows over- the- air ( OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021. 9. 2. As a workaround one may disable or remove ` web_server
lrp-bert · Pred=NONE (0) · p=0.97 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] ES P ##H ##ome is a system to control the ES P ##8 ##26 ##6 / ES P ##32 . Anyone with web _ server enabled and HTTP basic auth configured on version 202 ##1 . 9 . 1 or older is vulnerable to an issue in which ` web _ server ` allows over-the-air ( OTA ) updates without checking user defined basic auth username & password . This issue is patched in version 202 ##1 . 9 . 2 . As a workaround one may disable or remove ` web _ server ` . [SEP]
LRP (+Pred, pos-only)
[CLS] ES P ##H ##ome is a system to control the ES P ##8 ##26 ##6 / ES P ##32 . Anyone with web _ server enabled and HTTP basic auth configured on version 202 ##1 . 9 . 1 or older is vulnerable to an issue in which ` web _ server ` allows over-the-air ( OTA ) updates without checking user defined basic auth username & password . This issue is patched in version 202 ##1 . 9 . 2 . As a workaround one may disable or remove ` web _ server ` . [SEP]
LIME (words)
ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021.9.2. As a workaround one may disable or remove `web_server`.
SHAP (words)
ESPHome is a system to control the ESP8266/ ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021. 9. 1 or older is vulnerable to an issue in which ` web_server` allows over- the- air ( OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021. 9. 2. As a workaround one may disable or remove ` web_server
lrp-distilbert · Pred=HIGH (2) · p=0.90 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] ES P ##H ##ome is a system to control the ES P ##8 ##26 ##6 / ES P ##32 . Anyone with web _ server enabled and HTTP basic auth configured on version 202 ##1 . 9 . 1 or older is vulnerable to an issue in which ` web _ server ` allows over-the-air ( OTA ) updates without checking user defined basic auth username & password . This issue is patched in version 202 ##1 . 9 . 2 . As a workaround one may disable or remove ` web _ server ` . [SEP]
LRP (+Pred, pos-only)
[CLS] ES P ##H ##ome is a system to control the ES P ##8 ##26 ##6 / ES P ##32 . Anyone with web _ server enabled and HTTP basic auth configured on version 202 ##1 . 9 . 1 or older is vulnerable to an issue in which ` web _ server ` allows over-the-air ( OTA ) updates without checking user defined basic auth username & password . This issue is patched in version 202 ##1 . 9 . 2 . As a workaround one may disable or remove ` web _ server ` . [SEP]
LIME (words)
ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which `web_server` allows over-the-air (OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021.9.2. As a workaround one may disable or remove `web_server`.
SHAP (words)
ESPHome is a system to control the ESP8266/ ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 2021. 9. 1 or older is vulnerable to an issue in which ` web_server` allows over- the- air ( OTA) updates without checking user defined basic auth username & password. This issue is patched in version 2021. 9. 2. As a workaround one may disable or remove ` web_server
#36 · cve_id CVE-2020-12840 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
ismartgate ▁PRO ▁1 . 5 . 9 ▁is ▁vulnerable ▁to CSRF ▁that ▁allows ▁remote ▁attackers ▁to upload ▁sound ▁files ▁via / index . php <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php
SHAP (words)
ismartgate PRO 1. 5. 9 is vulnerable to CSRF that allows remote attackers to upload sound files via / index. php
lrp-bert · Pred=NONE (0) · p=0.90 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] ismartgate PRO 1 . 5 . 9 is vulnerable to CSRF that allows remote attackers to upload sound files via / index . php [SEP]
LRP (+Pred, pos-only)
[CLS] ismartgate PRO 1 . 5 . 9 is vulnerable to CSRF that allows remote attackers to upload sound files via / index . php [SEP]
LIME (words)
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php
SHAP (words)
ismartgate PRO 1. 5. 9 is vulnerable to CSRF that allows remote attackers to upload sound files via / index. php
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] ismartgate PRO 1 . 5 . 9 is vulnerable to CSRF that allows remote attackers to upload sound files via / index . php [SEP]
LRP (+Pred, pos-only)
[CLS] ismartgate PRO 1 . 5 . 9 is vulnerable to CSRF that allows remote attackers to upload sound files via / index . php [SEP]
LIME (words)
ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php
SHAP (words)
ismartgate PRO 1. 5. 9 is vulnerable to CSRF that allows remote attackers to upload sound files via / index. php
#37 · cve_id CVE-2021-4076 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A flaw ▁exists ▁in tang ▁a network-based cryptographic ▁binding ▁server ▁which ▁could ▁result ▁in ▁leak ▁of ▁private ▁keys . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A flaw exists in tang a network-based cryptographic binding server which could result in leak of private keys.
SHAP (words)
A flaw exists in tang a network- based cryptographic binding server which could result in leak of private keys
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A flaw exists in tan ##g a network-based cryptographic binding server which could result in leak of private keys . [SEP]
LRP (+Pred, pos-only)
[CLS] A flaw exists in tan ##g a network-based cryptographic binding server which could result in leak of private keys . [SEP]
LIME (words)
A flaw exists in tang a network-based cryptographic binding server which could result in leak of private keys.
SHAP (words)
A flaw exists in tang a network- based cryptographic binding server which could result in leak of private keys
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A flaw exists in tan ##g a network-based cryptographic binding server which could result in leak of private keys . [SEP]
LRP (+Pred, pos-only)
[CLS] A flaw exists in tan ##g a network-based cryptographic binding server which could result in leak of private keys . [SEP]
LIME (words)
A flaw exists in tang a network-based cryptographic binding server which could result in leak of private keys.
SHAP (words)
A flaw exists in tang a network- based cryptographic binding server which could result in leak of private keys
#38 · cve_id CVE-2022-22993 · a
GT=HIGH (2)
xlnet · Pred=NONE (0) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁limited SSRF ▁vulnerability ▁was ▁di sc ▁over ed ▁on ▁Western Digi tal ▁My ▁Cloud ▁devices ▁that ▁could ▁allow ▁an ▁attacker ▁to impersonate ▁a ▁server ▁and ▁reach ▁any ▁page ▁on ▁the ▁server ▁by bypassing ▁access ▁controls . ▁The ▁vulnerability ▁was ▁addressed ▁by ▁creating ▁a whitelist ▁for ▁valid param eter s . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
SHAP (words)
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters
lrp-bert · Pred=NONE (0) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A l ##im ite d SSRF vulnerability was di sc over ##ed on Western Digi ta ##l My Cloud dev ice ##s that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls . The vulnerability was addressed by creating a whitelist for valid param et ##ers . [SEP]
LRP (+Pred, pos-only)
[CLS] A l ##im ite d SSRF vulnerability was di sc over ##ed on Western Digi ta ##l My Cloud dev ice ##s that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls . The vulnerability was addressed by creating a whitelist for valid param et ##ers . [SEP]
LIME (words)
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
SHAP (words)
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters
lrp-distilbert · Pred=NONE (0) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A l ##im ite d SSRF vulnerability was di sc over ##ed on Western Digi ta ##l My Cloud dev ice ##s that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls . The vulnerability was addressed by creating a whitelist for valid param et ##ers . [SEP]
LRP (+Pred, pos-only)
[CLS] A l ##im ite d SSRF vulnerability was di sc over ##ed on Western Digi ta ##l My Cloud dev ice ##s that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls . The vulnerability was addressed by creating a whitelist for valid param et ##ers . [SEP]
LIME (words)
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
SHAP (words)
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters
#39 · cve_id CVE-2023-44082 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability ▁has ▁been ▁identified ▁in Tecno ▁mat ix ▁Plant Simulation ▁V 22 01 ( All ▁versions ▁< ▁V 22 01 . 000 9 ) Tecno ▁mat ix ▁Plant Simulation ▁V 23 02 ( All ▁versions ▁< ▁V 23 02 . 000 3 ) . ▁The ▁affected ▁application ▁contains ▁an ▁out ▁of ▁bound s ▁write ▁past ▁the ▁end ▁of ▁an allocate d ▁buffer ▁while parsing ▁a spec i ally ▁crafted S PP ▁file . ▁This ▁could ▁allow ▁an ▁attacker ▁to ▁execute ▁code ▁in ▁the ▁context ▁of ▁the ▁current ▁process . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009) Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
SHAP (words)
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 ( All versions < V2201. 0009) Tecnomatix Plant Simulation V2302 ( All versions < V2302. 0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in Tecno mat ##ix Plant Simulation V ##22 ##01 ( All versions < V ##22 ##01 . 000 ##9 ) Tecno mat ##ix Plant Simulation V ##23 ##0 ##2 ( All versions < V ##23 ##0 ##2 . 000 ##3 ) . The affected application contains an out of bounds w ##r ite past the end of an allocate d buffer while parsing a spec i ##ally crafted SP ##P file . This could allow an attacker to exec u ##te code in the context of the current process . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in Tecno mat ##ix Plant Simulation V ##22 ##01 ( All versions < V ##22 ##01 . 000 ##9 ) Tecno mat ##ix Plant Simulation V ##23 ##0 ##2 ( All versions < V ##23 ##0 ##2 . 000 ##3 ) . The affected application contains an out of bounds w ##r ite past the end of an allocate d buffer while parsing a spec i ##ally crafted SP ##P file . This could allow an attacker to exec u ##te code in the context of the current process . [SEP]
LIME (words)
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009) Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
SHAP (words)
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 ( All versions < V2201. 0009) Tecnomatix Plant Simulation V2302 ( All versions < V2302. 0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability has been identified in Tecno mat ##ix Plant Simulation V ##22 ##01 ( All versions < V ##22 ##01 . 000 ##9 ) Tecno mat ##ix Plant Simulation V ##23 ##0 ##2 ( All versions < V ##23 ##0 ##2 . 000 ##3 ) . The affected application contains an out of bounds w ##r ite past the end of an allocate d buffer while parsing a spec i ##ally crafted SP ##P file . This could allow an attacker to exec u ##te code in the context of the current process . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability has been identified in Tecno mat ##ix Plant Simulation V ##22 ##01 ( All versions < V ##22 ##01 . 000 ##9 ) Tecno mat ##ix Plant Simulation V ##23 ##0 ##2 ( All versions < V ##23 ##0 ##2 . 000 ##3 ) . The affected application contains an out of bounds w ##r ite past the end of an allocate d buffer while parsing a spec i ##ally crafted SP ##P file . This could allow an attacker to exec u ##te code in the context of the current process . [SEP]
LIME (words)
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009) Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.
SHAP (words)
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 ( All versions < V2201. 0009) Tecnomatix Plant Simulation V2302 ( All versions < V2302. 0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process
#40 · cve_id CVE-2022-39805 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Due ▁to ▁lack ▁of ▁proper ▁memory ▁man a gem ent ▁when ▁a ▁victim ▁opens ▁a ▁manipulated Compute r Graphics Metafile ( . c g m ▁C g m T ran sl ator . ex e ) ▁file ▁received ▁from untrusted ▁sources ▁in SAP ▁3 D ▁Visual ▁Enterprise Auth ▁or - ▁version ▁9 ▁it ▁is ▁po ssi ble ▁that ▁a Remote ▁Code Execution ▁can ▁be ▁triggered ▁when ▁payload ▁forces ▁a stack-based overflow ▁or ▁a re-use ▁of ▁dangling pointer ▁which ▁refers ▁to overwritten ▁space ▁in ▁memory . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Due to lack of proper memory management when a victim opens a manipulated Computer Graphics Metafile (.cgm CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9 it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
SHAP (words)
Due to lack of proper memory management when a victim opens a manipulated Computer Graphics Metafile (. cgm CgmTranslator. exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9 it is possible that a Remote Code Execution can be triggered when payload forces a stack- based overflow or a re- use of dangling pointer which refers to overwritten space in memory
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Due to lack of proper memory man ##a gem en ##t when a victim opens a man ip ul ##ated Compute r Graphics Metafile ( . c ##g ##m C ##g ##m ##T ##ran sl at ##or . ex ##e ) file received from untrusted sources in SAP 3D Visual Enterprise Auth or - version 9 it is p ##o ssi b ##le that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory . [SEP]
LRP (+Pred, pos-only)
[CLS] Due to lack of proper memory man ##a gem en ##t when a victim opens a man ip ul ##ated Compute r Graphics Metafile ( . c ##g ##m C ##g ##m ##T ##ran sl at ##or . ex ##e ) file received from untrusted sources in SAP 3D Visual Enterprise Auth or - version 9 it is p ##o ssi b ##le that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory . [SEP]
LIME (words)
Due to lack of proper memory management when a victim opens a manipulated Computer Graphics Metafile (.cgm CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9 it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
SHAP (words)
Due to lack of proper memory management when a victim opens a manipulated Computer Graphics Metafile (. cgm CgmTranslator. exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9 it is possible that a Remote Code Execution can be triggered when payload forces a stack- based overflow or a re- use of dangling pointer which refers to overwritten space in memory
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Due to lack of proper memory man ##a gem en ##t when a victim opens a man ip ul ##ated Compute r Graphics Metafile ( . c ##g ##m C ##g ##m ##T ##ran sl at ##or . ex ##e ) file received from untrusted sources in SAP 3D Visual Enterprise Auth or - version 9 it is p ##o ssi b ##le that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory . [SEP]
LRP (+Pred, pos-only)
[CLS] Due to lack of proper memory man ##a gem en ##t when a victim opens a man ip ul ##ated Compute r Graphics Metafile ( . c ##g ##m C ##g ##m ##T ##ran sl at ##or . ex ##e ) file received from untrusted sources in SAP 3D Visual Enterprise Auth or - version 9 it is p ##o ssi b ##le that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory . [SEP]
LIME (words)
Due to lack of proper memory management when a victim opens a manipulated Computer Graphics Metafile (.cgm CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9 it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
SHAP (words)
Due to lack of proper memory management when a victim opens a manipulated Computer Graphics Metafile (. cgm CgmTranslator. exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9 it is possible that a Remote Code Execution can be triggered when payload forces a stack- based overflow or a re- use of dangling pointer which refers to overwritten space in memory
#41 · cve_id CVE-2023-38489 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.96 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Kirby ▁is ▁a ▁content ▁man a gem ent ▁system . ▁A ▁vulnerability ▁in ▁versions ▁prior ▁to ▁3 . 5 . 8 . 3 ▁3 . 6 . 6 . 3 ▁3 . 7 . 5 . 2 ▁3 . 8 . 4 . 1 ▁and ▁3 . 9 . 6 ▁affects ▁all ▁Kirby ▁sites ▁with ▁user ▁accounts ( unless ▁Kirby ' s ▁API ▁and ▁Panel ▁are disable d ▁in ▁the config ) . ▁It ▁can ▁only ▁be ▁abused ▁if ▁a ▁Kirby ▁user ▁is ▁logged ▁in ▁on ▁a ▁device ▁or browse r ▁that ▁is ▁shared ▁with ▁potentially untrusted ▁users ▁or ▁if ▁an ▁attacker ▁already maliciously ▁used ▁a ▁previous ▁password ▁to ▁log ▁in ▁to ▁a ▁Kirby ▁site ▁as ▁the ▁affected ▁user . Insufficient ▁Se ssi ▁on ▁Ex piration ▁is ▁when ▁a ▁web ▁site ▁permits ▁an ▁attacker ▁to reuse ▁old se ssi ▁on credential s ▁or se ssi ▁on IDs ▁for auth ▁or ization . ▁In ▁the ▁variation desc ri bed ▁in ▁this ▁advisory ▁it ▁allows ▁attackers ▁to ▁stay ▁logged ▁in ▁to ▁a ▁Kirby ▁site ▁on ▁another ▁device ▁even ▁if ▁the ▁logged ▁in ▁user ▁has ▁since ▁changed ▁their ▁password . ▁Kirby ▁did ▁not invalidate ▁user se ssi ▁on s ▁that ▁were ▁created ▁with ▁a ▁password ▁that ▁was ▁since ▁changed ▁by ▁the ▁user ▁or ▁by ▁a ▁site admin . ▁If ▁a ▁user ▁changed ▁their ▁password ▁to ▁lock ▁out ▁an ▁attacker ▁who ▁was ▁already ▁in pos se ssi ▁on ▁of ▁the ▁previous ▁password ▁or ▁of ▁a login se ssi ▁on ▁on ▁another ▁device ▁or browse r ▁the ▁attacker ▁would ▁not ▁be ▁reliably ▁prevented ▁from accessing ▁the ▁Kirby ▁site ▁as ▁the ▁affected ▁user . The ▁problem ▁has ▁been patched ▁in ▁Kirby ▁3 . 5 . 8 . 3 ▁3 . 6 . 6 . 3 ▁3 . 7 . 5 . 2 ▁3 . 8 . 4 . 1 ▁and ▁3 . 9 . 6 . ▁In ▁all ▁of ▁the ▁mentioned ▁releases ▁the maintainers ▁have ▁updated ▁the authentication ▁implementation ▁to ▁keep ▁track ▁of ▁the hashed ▁password ▁in ▁each ▁active se ssi ▁on . ▁If ▁the ▁password ▁changed ▁since ▁the login ▁the se ssi ▁on ▁is invalidated . ▁To ▁enforce ▁this ▁fix ▁even ▁if ▁the ▁vulnerability ▁was ▁pre vi ou sl y ▁abused ▁all ▁users ▁are ▁logged ▁out ▁from ▁the ▁Kirby ▁site ▁after updating ▁to ▁one ▁of ▁the patched ▁releases . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3 3.6.6.3 3.7.5.2 3.8.4.1 and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby site as the affected user.Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. In the variation described in this advisory it allows attackers to stay logged in to a Kirby site on another device even if the logged in user has since changed their password. Kirby did not invalidate user sessions that were created with a password that was since changed by the user or by a site admin. If a user changed their password to lock out an attacker who was already in possession of the previous password or of a login session on another device or browser the attacker would not be reliably prevented from accessing the Kirby site as the affected user.The problem has been patched in Kirby 3.5.8.3 3.6.6.3 3.7.5.2 3.8.4.1 and 3.9.6. In all of the mentioned releases the maintainers have updated the authentication implementation to keep track of the hashed password in each active session. If the password changed since the login the session is invalidated. To enforce this fix even if the vulnerability was previously abused all users are logged out from the Kirby site after updating to one of the patched releases.
SHAP (words)
Kirby is a content management system. A vulnerability in versions prior to 3. 5. 8. 3 3. 6. 6. 3 3. 7. 5. 2 3. 8. 4. 1 and 3. 9. 6 affects all Kirby sites with user accounts ( unless Kirby' s API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby site as the affected user. Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. In the variation described in this advisory it allows attackers to stay logged in to a Kirby site on another device even if the logged in user has since changed their password. Kirby did not invalidate user sessions that were created with a password that was since changed by the user or by a site admin. If a user changed their password to lock out an attacker who was already in possession of the previous password or of a login session on another device or browser the attacker would not be reliably prevented from accessing the Kirby site as the affected user. The problem has been patched in Kirby 3. 5. 8. 3 3. 6. 6. 3 3. 7. 5. 2 3. 8. 4. 1 and 3. 9. 6. In all of the mentioned releases the maintainers have updated the authentication implementation to keep track of the hashed password in each active session. If the password changed since the login the session is invalidated. To enforce this fix even if the vulnerability was previously abused all users are logged out from the Kirby site after updating to one of the patched releases
lrp-bert · Pred=HIGH (2) · p=0.74 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Kirby is a content man ##a gem en ##t system . A vulnerability in versions prior to 3 . 5 . 8 . 3 3 . 6 . 6 . 3 3 . 7 . 5 . 2 3 . 8 . 4 . 1 and 3 . 9 . 6 affects all Kirby s ite s with user accounts ( unless Kirby ' s A PI and Panel are disable d in the config ) . It can only be abused if a Kirby user is logged in on a dev ice or browse r that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby s ite as the affected user . Insufficient Se ssi on Ex ##piration is when a web s ite permits an attacker to reuse old se ssi on credential s or se ssi on IDs for auth or ##ization . In the variation desc rib ##ed in this advisory it allows attackers to stay logged in to a Kirby s ite on another dev ice even if the logged in user has since changed their password . Kirby did not invalidate user se ssi on ##s that were created with a password that was since changed by the user or by a s ite admin . If a user changed their password to lock out an attacker who was already in p ##oss ##e ssi on of the previous password or of a login se ssi on on another dev ice or browse r the attacker would not be re ##lia ##bly prevented from accessing the Kirby s ite as the affected user . The problem has been patched in Kirby 3 . 5 . 8 . 3 3 . 6 . 6 . 3 3 . 7 . 5 . 2 3 . 8 . 4 . 1 and 3 . 9 . 6 . In all of the mentioned releases the maintainers have updated the authentication implementation to keep track of the hashed password in each active se ssi on . If the password changed since the login the se ssi on is invalidated . To enforce this fix even if the vulnerability was pre ##vio ##u sl y abused all users are logged out from the Kirby s ite after updating to one of the patched releases . [SEP]
LRP (+Pred, pos-only)
[CLS] Kirby is a content man ##a gem en ##t system . A vulnerability in versions prior to 3 . 5 . 8 . 3 3 . 6 . 6 . 3 3 . 7 . 5 . 2 3 . 8 . 4 . 1 and 3 . 9 . 6 affects all Kirby s ite s with user accounts ( unless Kirby ' s A PI and Panel are disable d in the config ) . It can only be abused if a Kirby user is logged in on a dev ice or browse r that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby s ite as the affected user . Insufficient Se ssi on Ex ##piration is when a web s ite permits an attacker to reuse old se ssi on credential s or se ssi on IDs for auth or ##ization . In the variation desc rib ##ed in this advisory it allows attackers to stay logged in to a Kirby s ite on another dev ice even if the logged in user has since changed their password . Kirby did not invalidate user se ssi on ##s that were created with a password that was since changed by the user or by a s ite admin . If a user changed their password to lock out an attacker who was already in p ##oss ##e ssi on of the previous password or of a login se ssi on on another dev ice or browse r the attacker would not be re ##lia ##bly prevented from accessing the Kirby s ite as the affected user . The problem has been patched in Kirby 3 . 5 . 8 . 3 3 . 6 . 6 . 3 3 . 7 . 5 . 2 3 . 8 . 4 . 1 and 3 . 9 . 6 . In all of the mentioned releases the maintainers have updated the authentication implementation to keep track of the hashed password in each active se ssi on . If the password changed since the login the se ssi on is invalidated . To enforce this fix even if the vulnerability was pre ##vio ##u sl y abused all users are logged out from the Kirby s ite after updating to one of the patched releases . [SEP]
LIME (words)
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3 3.6.6.3 3.7.5.2 3.8.4.1 and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby site as the affected user.Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. In the variation described in this advisory it allows attackers to stay logged in to a Kirby site on another device even if the logged in user has since changed their password. Kirby did not invalidate user sessions that were created with a password that was since changed by the user or by a site admin. If a user changed their password to lock out an attacker who was already in possession of the previous password or of a login session on another device or browser the attacker would not be reliably prevented from accessing the Kirby site as the affected user.The problem has been patched in Kirby 3.5.8.3 3.6.6.3 3.7.5.2 3.8.4.1 and 3.9.6. In all of the mentioned releases the maintainers have updated the authentication implementation to keep track of the hashed password in each active session. If the password changed since the login the session is invalidated. To enforce this fix even if the vulnerability was previously abused all users are logged out from the Kirby site after updating to one of the patched releases.
SHAP (words)
Kirby is a content management system. A vulnerability in versions prior to 3. 5. 8. 3 3. 6. 6. 3 3. 7. 5. 2 3. 8. 4. 1 and 3. 9. 6 affects all Kirby sites with user accounts ( unless Kirby' s API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby site as the affected user. Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. In the variation described in this advisory it allows attackers to stay logged in to a Kirby site on another device even if the logged in user has since changed their password. Kirby did not invalidate user sessions that were created with a password that was since changed by the user or by a site admin. If a user changed their password to lock out an attacker who was already in possession of the previous password or of a login session on another device or browser the attacker would not be reliably prevented from accessing the Kirby site as the affected user. The problem has been patched in Kirby 3. 5. 8. 3 3. 6. 6. 3 3. 7. 5. 2 3. 8. 4. 1 and 3. 9. 6. In all of the mentioned releases the maintainers have updated the authentication implementation to keep track of the hashed password in each active session. If the password changed since the login the session is invalidated. To enforce this fix even if the vulnerability was previously abused all users are logged out from the Kirby site after updating to one of the patched releases
lrp-distilbert · Pred=HIGH (2) · p=0.60 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Kirby is a content man ##a gem en ##t system . A vulnerability in versions prior to 3 . 5 . 8 . 3 3 . 6 . 6 . 3 3 . 7 . 5 . 2 3 . 8 . 4 . 1 and 3 . 9 . 6 affects all Kirby s ite s with user accounts ( unless Kirby ' s A PI and Panel are disable d in the config ) . It can only be abused if a Kirby user is logged in on a dev ice or browse r that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby s ite as the affected user . Insufficient Se ssi on Ex ##piration is when a web s ite permits an attacker to reuse old se ssi on credential s or se ssi on IDs for auth or ##ization . In the variation desc rib ##ed in this advisory it allows attackers to stay logged in to a Kirby s ite on another dev ice even if the logged in user has since changed their password . Kirby did not invalidate user se ssi on ##s that were created with a password that was since changed by the user or by a s ite admin . If a user changed their password to lock out an attacker who was already in p ##oss ##e ssi on of the previous password or of a login se ssi on on another dev ice or browse r the attacker would not be re ##lia ##bly prevented from accessing the Kirby s ite as the affected user . The problem has been patched in Kirby 3 . 5 . 8 . 3 3 . 6 . 6 . 3 3 . 7 . 5 . 2 3 . 8 . 4 . 1 and 3 . 9 . 6 . In all of the mentioned releases the maintainers have updated the authentication implementation to keep track of the hashed password in each active se ssi on . If the password changed since the login the se ssi on is invalidated . To enforce this fix even if the vulnerability was pre ##vio ##u sl y abused all users are logged out from the Kirby s ite after updating to one of the patched releases . [SEP]
LRP (+Pred, pos-only)
[CLS] Kirby is a content man ##a gem en ##t system . A vulnerability in versions prior to 3 . 5 . 8 . 3 3 . 6 . 6 . 3 3 . 7 . 5 . 2 3 . 8 . 4 . 1 and 3 . 9 . 6 affects all Kirby s ite s with user accounts ( unless Kirby ' s A PI and Panel are disable d in the config ) . It can only be abused if a Kirby user is logged in on a dev ice or browse r that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby s ite as the affected user . Insufficient Se ssi on Ex ##piration is when a web s ite permits an attacker to reuse old se ssi on credential s or se ssi on IDs for auth or ##ization . In the variation desc rib ##ed in this advisory it allows attackers to stay logged in to a Kirby s ite on another dev ice even if the logged in user has since changed their password . Kirby did not invalidate user se ssi on ##s that were created with a password that was since changed by the user or by a s ite admin . If a user changed their password to lock out an attacker who was already in p ##oss ##e ssi on of the previous password or of a login se ssi on on another dev ice or browse r the attacker would not be re ##lia ##bly prevented from accessing the Kirby s ite as the affected user . The problem has been patched in Kirby 3 . 5 . 8 . 3 3 . 6 . 6 . 3 3 . 7 . 5 . 2 3 . 8 . 4 . 1 and 3 . 9 . 6 . In all of the mentioned releases the maintainers have updated the authentication implementation to keep track of the hashed password in each active se ssi on . If the password changed since the login the se ssi on is invalidated . To enforce this fix even if the vulnerability was pre ##vio ##u sl y abused all users are logged out from the Kirby s ite after updating to one of the patched releases . [SEP]
LIME (words)
Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3 3.6.6.3 3.7.5.2 3.8.4.1 and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby site as the affected user.Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. In the variation described in this advisory it allows attackers to stay logged in to a Kirby site on another device even if the logged in user has since changed their password. Kirby did not invalidate user sessions that were created with a password that was since changed by the user or by a site admin. If a user changed their password to lock out an attacker who was already in possession of the previous password or of a login session on another device or browser the attacker would not be reliably prevented from accessing the Kirby site as the affected user.The problem has been patched in Kirby 3.5.8.3 3.6.6.3 3.7.5.2 3.8.4.1 and 3.9.6. In all of the mentioned releases the maintainers have updated the authentication implementation to keep track of the hashed password in each active session. If the password changed since the login the session is invalidated. To enforce this fix even if the vulnerability was previously abused all users are logged out from the Kirby site after updating to one of the patched releases.
SHAP (words)
Kirby is a content management system. A vulnerability in versions prior to 3. 5. 8. 3 3. 6. 6. 3 3. 7. 5. 2 3. 8. 4. 1 and 3. 9. 6 affects all Kirby sites with user accounts ( unless Kirby' s API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby site as the affected user. Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. In the variation described in this advisory it allows attackers to stay logged in to a Kirby site on another device even if the logged in user has since changed their password. Kirby did not invalidate user sessions that were created with a password that was since changed by the user or by a site admin. If a user changed their password to lock out an attacker who was already in possession of the previous password or of a login session on another device or browser the attacker would not be reliably prevented from accessing the Kirby site as the affected user. The problem has been patched in Kirby 3. 5. 8. 3 3. 6. 6. 3 3. 7. 5. 2 3. 8. 4. 1 and 3. 9. 6. In all of the mentioned releases the maintainers have updated the authentication implementation to keep track of the hashed password in each active session. If the password changed since the login the session is invalidated. To enforce this fix even if the vulnerability was previously abused all users are logged out from the Kirby site after updating to one of the patched releases
#42 · cve_id CVE-2022-46534 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Tenda ▁F 12 03 ▁V 2 . 0 . 1 . 6 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁buffer overflow ▁via ▁the ▁speed _ dir param eter ▁at / go form / S et Speed W an . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the speed_dir parameter at /goform/SetSpeedWan.
SHAP (words)
Tenda F1203 V2. 0. 1. 6 was discovered to contain a buffer overflow via the speed_dir parameter at / goform/ SetSpeedWan
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tenda F1 ##20 ##3 V ##2 . 0 . 1 . 6 was di sc over ##ed to contain a buffer overflow via the speed _ dir param et ##er at / go ##form / Set ##S ##pe ##ed ##W ##an . [SEP]
LRP (+Pred, pos-only)
[CLS] Tenda F1 ##20 ##3 V ##2 . 0 . 1 . 6 was di sc over ##ed to contain a buffer overflow via the speed _ dir param et ##er at / go ##form / Set ##S ##pe ##ed ##W ##an . [SEP]
LIME (words)
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the speed_dir parameter at /goform/SetSpeedWan.
SHAP (words)
Tenda F1203 V2. 0. 1. 6 was discovered to contain a buffer overflow via the speed_dir parameter at / goform/ SetSpeedWan
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Tenda F1 ##20 ##3 V ##2 . 0 . 1 . 6 was di sc over ##ed to contain a buffer overflow via the speed _ dir param et ##er at / go ##form / Set ##S ##pe ##ed ##W ##an . [SEP]
LRP (+Pred, pos-only)
[CLS] Tenda F1 ##20 ##3 V ##2 . 0 . 1 . 6 was di sc over ##ed to contain a buffer overflow via the speed _ dir param et ##er at / go ##form / Set ##S ##pe ##ed ##W ##an . [SEP]
LIME (words)
Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via the speed_dir parameter at /goform/SetSpeedWan.
SHAP (words)
Tenda F1203 V2. 0. 1. 6 was discovered to contain a buffer overflow via the speed_dir parameter at / goform/ SetSpeedWan
#43 · cve_id CVE-2020-27938 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁logic ▁issue ▁was ▁addressed ▁with ▁improved ▁state ▁man a gem ent . ▁This ▁issue ▁is ▁fixed ▁in macOS ▁Big ▁Sur ▁11 . 2 ▁Security Update ▁20 21 - 001 ▁Catalina ▁Security Update ▁20 21 - 001 Mojave macOS ▁Big ▁Sur ▁11 . 1 ▁Security Update ▁2020 - 001 ▁Catalina ▁Security Update ▁2020 - 00 7 Mojave . ▁A malicious ▁application ▁may ▁be ▁able ▁to elevate ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2 Security Update 2021-001 Catalina Security Update 2021-001 Mojave macOS Big Sur 11.1 Security Update 2020-001 Catalina Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.
SHAP (words)
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11. 2 Security Update 2021- 001 Catalina Security Update 2021- 001 Mojave macOS Big Sur 11. 1 Security Update 2020- 001 Catalina Security Update 2020- 007 Mojave. A malicious application may be able to elevate privileges
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A logic issue was addressed with improved state man ##a gem en ##t . This issue is fixed in macOS Big Sur 11 . 2 Se ##c uri t ##y Update 202 ##1 - 00 ##1 Catalina Se ##c uri t ##y Update 202 ##1 - 00 ##1 Mojave macOS Big Sur 11 . 1 Se ##c uri t ##y Update 2020 - 00 ##1 Catalina Se ##c uri t ##y Update 2020 - 00 ##7 Mojave . A malicious application may be able to elevate privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] A logic issue was addressed with improved state man ##a gem en ##t . This issue is fixed in macOS Big Sur 11 . 2 Se ##c uri t ##y Update 202 ##1 - 00 ##1 Catalina Se ##c uri t ##y Update 202 ##1 - 00 ##1 Mojave macOS Big Sur 11 . 1 Se ##c uri t ##y Update 2020 - 00 ##1 Catalina Se ##c uri t ##y Update 2020 - 00 ##7 Mojave . A malicious application may be able to elevate privileges . [SEP]
LIME (words)
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2 Security Update 2021-001 Catalina Security Update 2021-001 Mojave macOS Big Sur 11.1 Security Update 2020-001 Catalina Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.
SHAP (words)
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11. 2 Security Update 2021- 001 Catalina Security Update 2021- 001 Mojave macOS Big Sur 11. 1 Security Update 2020- 001 Catalina Security Update 2020- 007 Mojave. A malicious application may be able to elevate privileges
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A logic issue was addressed with improved state man ##a gem en ##t . This issue is fixed in macOS Big Sur 11 . 2 Se ##c uri t ##y Update 202 ##1 - 00 ##1 Catalina Se ##c uri t ##y Update 202 ##1 - 00 ##1 Mojave macOS Big Sur 11 . 1 Se ##c uri t ##y Update 2020 - 00 ##1 Catalina Se ##c uri t ##y Update 2020 - 00 ##7 Mojave . A malicious application may be able to elevate privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] A logic issue was addressed with improved state man ##a gem en ##t . This issue is fixed in macOS Big Sur 11 . 2 Se ##c uri t ##y Update 202 ##1 - 00 ##1 Catalina Se ##c uri t ##y Update 202 ##1 - 00 ##1 Mojave macOS Big Sur 11 . 1 Se ##c uri t ##y Update 2020 - 00 ##1 Catalina Se ##c uri t ##y Update 2020 - 00 ##7 Mojave . A malicious application may be able to elevate privileges . [SEP]
LIME (words)
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2 Security Update 2021-001 Catalina Security Update 2021-001 Mojave macOS Big Sur 11.1 Security Update 2020-001 Catalina Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.
SHAP (words)
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11. 2 Security Update 2021- 001 Catalina Security Update 2021- 001 Mojave macOS Big Sur 11. 1 Security Update 2020- 001 Catalina Security Update 2020- 007 Mojave. A malicious application may be able to elevate privileges
#44 · cve_id CVE-2020-26928 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Certain NETGEAR ▁devices ▁are ▁affected ▁by authentication ▁bypass . ▁This ▁affects ▁C BR 40 ▁before ▁2 . 5 . 0 . 10 RB K 75 2 ▁before ▁3 . 2 . 15 . 25 ▁R BR 750 ▁before ▁3 . 2 . 15 . 25 ▁R BS 750 ▁before ▁3 . 2 . 15 . 25 RB K 85 2 ▁before ▁3 . 2 . 10 . 11 ▁R BR 8 50 ▁before ▁3 . 2 . 10 . 11 ▁and ▁R BS 8 50 ▁before ▁3 . 2 . 10 . 11 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10 RBK752 before 3.2.15.25 RBR750 before 3.2.15.25 RBS750 before 3.2.15.25 RBK852 before 3.2.10.11 RBR850 before 3.2.10.11 and RBS850 before 3.2.10.11.
SHAP (words)
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2. 5. 0. 10 RBK752 before 3. 2. 15. 25 RBR750 before 3. 2. 15. 25 RBS750 before 3. 2. 15. 25 RBK852 before 3. 2. 10. 11 RBR850 before 3. 2. 10. 11 and RBS850 before 3. 2. 10. 11
lrp-bert · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Certain NETGEAR dev ice ##s are affected by authentication bypass . This affects CB ##R ##40 before 2 . 5 . 0 . 10 RB ##K ##75 ##2 before 3 . 2 . 15 . 25 RB ##R ##75 ##0 before 3 . 2 . 15 . 25 RB ##S ##75 ##0 before 3 . 2 . 15 . 25 RB ##K ##8 ##5 ##2 before 3 . 2 . 10 . 11 RB ##R ##8 ##50 before 3 . 2 . 10 . 11 and RB ##S ##8 ##50 before 3 . 2 . 10 . 11 . [SEP]
LRP (+Pred, pos-only)
[CLS] Certain NETGEAR dev ice ##s are affected by authentication bypass . This affects CB ##R ##40 before 2 . 5 . 0 . 10 RB ##K ##75 ##2 before 3 . 2 . 15 . 25 RB ##R ##75 ##0 before 3 . 2 . 15 . 25 RB ##S ##75 ##0 before 3 . 2 . 15 . 25 RB ##K ##8 ##5 ##2 before 3 . 2 . 10 . 11 RB ##R ##8 ##50 before 3 . 2 . 10 . 11 and RB ##S ##8 ##50 before 3 . 2 . 10 . 11 . [SEP]
LIME (words)
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10 RBK752 before 3.2.15.25 RBR750 before 3.2.15.25 RBS750 before 3.2.15.25 RBK852 before 3.2.10.11 RBR850 before 3.2.10.11 and RBS850 before 3.2.10.11.
SHAP (words)
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2. 5. 0. 10 RBK752 before 3. 2. 15. 25 RBR750 before 3. 2. 15. 25 RBS750 before 3. 2. 15. 25 RBK852 before 3. 2. 10. 11 RBR850 before 3. 2. 10. 11 and RBS850 before 3. 2. 10. 11
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Certain NETGEAR dev ice ##s are affected by authentication bypass . This affects CB ##R ##40 before 2 . 5 . 0 . 10 RB ##K ##75 ##2 before 3 . 2 . 15 . 25 RB ##R ##75 ##0 before 3 . 2 . 15 . 25 RB ##S ##75 ##0 before 3 . 2 . 15 . 25 RB ##K ##8 ##5 ##2 before 3 . 2 . 10 . 11 RB ##R ##8 ##50 before 3 . 2 . 10 . 11 and RB ##S ##8 ##50 before 3 . 2 . 10 . 11 . [SEP]
LRP (+Pred, pos-only)
[CLS] Certain NETGEAR dev ice ##s are affected by authentication bypass . This affects CB ##R ##40 before 2 . 5 . 0 . 10 RB ##K ##75 ##2 before 3 . 2 . 15 . 25 RB ##R ##75 ##0 before 3 . 2 . 15 . 25 RB ##S ##75 ##0 before 3 . 2 . 15 . 25 RB ##K ##8 ##5 ##2 before 3 . 2 . 10 . 11 RB ##R ##8 ##50 before 3 . 2 . 10 . 11 and RB ##S ##8 ##50 before 3 . 2 . 10 . 11 . [SEP]
LIME (words)
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10 RBK752 before 3.2.15.25 RBR750 before 3.2.15.25 RBS750 before 3.2.15.25 RBK852 before 3.2.10.11 RBR850 before 3.2.10.11 and RBS850 before 3.2.10.11.
SHAP (words)
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2. 5. 0. 10 RBK752 before 3. 2. 15. 25 RBR750 before 3. 2. 15. 25 RBS750 before 3. 2. 15. 25 RBK852 before 3. 2. 10. 11 RBR850 before 3. 2. 10. 11 and RBS850 before 3. 2. 10. 11
#45 · cve_id CVE-2022-32125 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁74 cms ▁SE ▁v 3 . 5 . 1 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁reflective cross-site scripting ( XSS ) ▁vulnerability ▁via ▁the ▁path / job . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job.
SHAP (words)
74cmsSE v3. 5. 1 was discovered to contain a reflective cross- site scripting ( XSS) vulnerability via the path / job
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] 74 cms SE v ##3 . 5 . 1 was di sc over ##ed to contain a reflective cross-site scripting ( XSS ) vulnerability via the path / job . [SEP]
LRP (+Pred, pos-only)
[CLS] 74 cms SE v ##3 . 5 . 1 was di sc over ##ed to contain a reflective cross-site scripting ( XSS ) vulnerability via the path / job . [SEP]
LIME (words)
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job.
SHAP (words)
74cmsSE v3. 5. 1 was discovered to contain a reflective cross- site scripting ( XSS) vulnerability via the path / job
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] 74 cms SE v ##3 . 5 . 1 was di sc over ##ed to contain a reflective cross-site scripting ( XSS ) vulnerability via the path / job . [SEP]
LRP (+Pred, pos-only)
[CLS] 74 cms SE v ##3 . 5 . 1 was di sc over ##ed to contain a reflective cross-site scripting ( XSS ) vulnerability via the path / job . [SEP]
LIME (words)
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job.
SHAP (words)
74cmsSE v3. 5. 1 was discovered to contain a reflective cross- site scripting ( XSS) vulnerability via the path / job
#46 · cve_id CVE-2023-30436 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁IBM ▁Security Guardium ▁11 . 3 ▁11 . 4 ▁and ▁11 . 5 ▁is ▁vulnerable ▁to cross-site scripting . ▁This ▁vulnerability ▁allows ▁users ▁to embed ▁arbitrary JavaScript ▁code ▁in ▁the ▁Web UI ▁thus ▁alter ing ▁the ▁intended ▁functionality ▁potentially ▁leading ▁to credential s ▁di sc los ure ▁within ▁a ▁trusted se ssi ▁on . ▁IBM X-Force ▁ID : ▁25 229 2 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
IBM Security Guardium 11.3 11.4 and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292.
SHAP (words)
IBM Security Guardium 11. 3 11. 4 and 11. 5 is vulnerable to cross- site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X- Force ID: 252292
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] I BM Se ##c uri t ##y Guardium 11 . 3 11 . 4 and 11 . 5 is vulnerable to cross-site scripting . This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ended functionality potentially leading to credential s di sc los ##ure within a trusted se ssi on . I BM X-Force ID : 252 ##29 ##2 . [SEP]
LRP (+Pred, pos-only)
[CLS] I BM Se ##c uri t ##y Guardium 11 . 3 11 . 4 and 11 . 5 is vulnerable to cross-site scripting . This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ended functionality potentially leading to credential s di sc los ##ure within a trusted se ssi on . I BM X-Force ID : 252 ##29 ##2 . [SEP]
LIME (words)
IBM Security Guardium 11.3 11.4 and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292.
SHAP (words)
IBM Security Guardium 11. 3 11. 4 and 11. 5 is vulnerable to cross- site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X- Force ID: 252292
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] I BM Se ##c uri t ##y Guardium 11 . 3 11 . 4 and 11 . 5 is vulnerable to cross-site scripting . This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ended functionality potentially leading to credential s di sc los ##ure within a trusted se ssi on . I BM X-Force ID : 252 ##29 ##2 . [SEP]
LRP (+Pred, pos-only)
[CLS] I BM Se ##c uri t ##y Guardium 11 . 3 11 . 4 and 11 . 5 is vulnerable to cross-site scripting . This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ended functionality potentially leading to credential s di sc los ##ure within a trusted se ssi on . I BM X-Force ID : 252 ##29 ##2 . [SEP]
LIME (words)
IBM Security Guardium 11.3 11.4 and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292.
SHAP (words)
IBM Security Guardium 11. 3 11. 4 and 11. 5 is vulnerable to cross- site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X- Force ID: 252292
#47 · cve_id CVE-2024-23651 · a
GT=NONE (0)
xlnet · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Build ▁Kit ▁is ▁a ▁tool kit ▁for ▁converting ▁source ▁code ▁to ▁build ▁artifacts ▁in ▁an ▁efficient ▁ex pre ssi ve ▁and repeatable ▁manner . ▁Two malicious ▁build ▁steps ▁running ▁in ▁parallel ▁sharing ▁the ▁same ▁cache ▁mount s ▁with ▁sub path s ▁could ▁cause ▁a ▁race ▁condition ▁that ▁can ▁lead ▁to ▁files ▁from ▁the ▁host ▁system ▁being acce ssi ble ▁to ▁the ▁build ▁container . ▁The ▁issue ▁has ▁been ▁fixed ▁in ▁v 0 . 12 . 5 . ▁Work around s ▁include ▁avoiding ▁using Build ▁Kit frontend ▁from ▁an untrusted ▁source ▁or ▁building ▁an untrusted Docker ▁file ▁containing ▁cache ▁mount s ▁with - - mount = type = c ache ▁source = . . . ▁options . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
BuildKit is a toolkit for converting source code to build artifacts in an efficient expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache source=... options.
SHAP (words)
BuildKit is a toolkit for converting source code to build artifacts in an efficient expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0. 12. 5. Workarounds include avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with -- mount= type= cache source=... options
lrp-bert · Pred=HIGH (2) · p=0.98 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Build Kit is a tool ##ki ##t for converting source code to build artifacts in an efficient ex ##p ##re ssi ve and repeatable manner . Two malicious build steps running in parallel sharing the same cache mounts with sub ##path ##s could cause a race condition that can lead to files from the host system being a ##cc ##e ssi b ##le to the build container . The issue has been fixed in v ##0 . 12 . 5 . Work ##around ##s include avoiding using Build Kit frontend from an untrusted source or building an untrusted Docker file containing cache mounts with - - mount = type = cache source = . . . options . [SEP]
LRP (+Pred, pos-only)
[CLS] Build Kit is a tool ##ki ##t for converting source code to build artifacts in an efficient ex ##p ##re ssi ve and repeatable manner . Two malicious build steps running in parallel sharing the same cache mounts with sub ##path ##s could cause a race condition that can lead to files from the host system being a ##cc ##e ssi b ##le to the build container . The issue has been fixed in v ##0 . 12 . 5 . Work ##around ##s include avoiding using Build Kit frontend from an untrusted source or building an untrusted Docker file containing cache mounts with - - mount = type = cache source = . . . options . [SEP]
LIME (words)
BuildKit is a toolkit for converting source code to build artifacts in an efficient expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache source=... options.
SHAP (words)
BuildKit is a toolkit for converting source code to build artifacts in an efficient expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0. 12. 5. Workarounds include avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with -- mount= type= cache source=... options
lrp-distilbert · Pred=HIGH (2) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Build Kit is a tool ##ki ##t for converting source code to build artifacts in an efficient ex ##p ##re ssi ve and repeatable manner . Two malicious build steps running in parallel sharing the same cache mounts with sub ##path ##s could cause a race condition that can lead to files from the host system being a ##cc ##e ssi b ##le to the build container . The issue has been fixed in v ##0 . 12 . 5 . Work ##around ##s include avoiding using Build Kit frontend from an untrusted source or building an untrusted Docker file containing cache mounts with - - mount = type = cache source = . . . options . [SEP]
LRP (+Pred, pos-only)
[CLS] Build Kit is a tool ##ki ##t for converting source code to build artifacts in an efficient ex ##p ##re ssi ve and repeatable manner . Two malicious build steps running in parallel sharing the same cache mounts with sub ##path ##s could cause a race condition that can lead to files from the host system being a ##cc ##e ssi b ##le to the build container . The issue has been fixed in v ##0 . 12 . 5 . Work ##around ##s include avoiding using Build Kit frontend from an untrusted source or building an untrusted Docker file containing cache mounts with - - mount = type = cache source = . . . options . [SEP]
LIME (words)
BuildKit is a toolkit for converting source code to build artifacts in an efficient expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache source=... options.
SHAP (words)
BuildKit is a toolkit for converting source code to build artifacts in an efficient expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0. 12. 5. Workarounds include avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with -- mount= type= cache source=... options
#48 · cve_id CVE-2022-21369 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Vulnerability ▁in ▁the PeopleSoft ▁Enterprise PeopleTools ▁product ▁of ▁Oracle PeopleSoft ( com ponent : ▁Rich ▁Text ▁Editor ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁8 . 57 ▁8 . 58 ▁and ▁8 . 59 . Easily exploitable ▁vulnerability ▁allows unauthenticated ▁attacker ▁with ▁network ▁access ▁via HTTP ▁to ▁compromise PeopleSoft ▁Enterprise PeopleTools . Successful ▁attacks ▁require ▁human ▁interaction ▁from ▁a ▁person ▁other ▁than ▁the ▁attacker ▁and ▁while ▁the ▁vulnerability ▁is ▁in PeopleSoft ▁Enterprise PeopleTools ▁attacks ▁may ▁significantly ▁impact ▁additional ▁products . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in unauthorized ▁update ▁insert ▁or delete ▁access ▁to ▁some ▁of PeopleSoft ▁Enterprise PeopleTools acce ssi ble ▁data ▁as ▁well ▁as unauthorized ▁read ▁access ▁to ▁a ▁subset ▁of PeopleSoft ▁Enterprise PeopleTools acce ssi ble ▁data . CVSS ▁3 . 1 ▁Base ▁Score ▁6 . 1 ( Con fid ential ity ▁and Integrity ▁impacts ) . CVSS Vector : ( CVSS : 3 . 1/ AV : N / AC : L / PR : N / UI : R / S : C / C : L / I : L / A : N ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.57 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
SHAP (words)
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft ( component: Rich Text Editor). Supported versions that are affected are 8. 57 8. 58 and 8. 59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3. 1 Base Score 6. 1 ( Confidentiality and Integrity impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: N/ UI: R/ S: C/ C: L/ I: L/ A: N
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft ( component : Rich Text Editor ) . Supported versions that are affected are 8 . 57 8 . 58 and 8 . 59 . Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of PeopleSoft Enterprise PeopleTools a ##cc ##e ssi b ##le data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 6 . 1 ( Con fid en ##tial ##ity and Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : R / S : C / C : L / I : L / A : N ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft ( component : Rich Text Editor ) . Supported versions that are affected are 8 . 57 8 . 58 and 8 . 59 . Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of PeopleSoft Enterprise PeopleTools a ##cc ##e ssi b ##le data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 6 . 1 ( Con fid en ##tial ##ity and Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : R / S : C / C : L / I : L / A : N ) . [SEP]
LIME (words)
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.57 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
SHAP (words)
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft ( component: Rich Text Editor). Supported versions that are affected are 8. 57 8. 58 and 8. 59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3. 1 Base Score 6. 1 ( Confidentiality and Integrity impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: N/ UI: R/ S: C/ C: L/ I: L/ A: N
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft ( component : Rich Text Editor ) . Supported versions that are affected are 8 . 57 8 . 58 and 8 . 59 . Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of PeopleSoft Enterprise PeopleTools a ##cc ##e ssi b ##le data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 6 . 1 ( Con fid en ##tial ##ity and Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : R / S : C / C : L / I : L / A : N ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft ( component : Rich Text Editor ) . Supported versions that are affected are 8 . 57 8 . 58 and 8 . 59 . Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools . Successful attacks require human int era ##ction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools attacks may significantly impact additional products . Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of PeopleSoft Enterprise PeopleTools a ##cc ##e ssi b ##le data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 6 . 1 ( Con fid en ##tial ##ity and Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : N / UI : R / S : C / C : L / I : L / A : N ) . [SEP]
LIME (words)
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.57 8.58 and 8.59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
SHAP (words)
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft ( component: Rich Text Editor). Supported versions that are affected are 8. 57 8. 58 and 8. 59. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3. 1 Base Score 6. 1 ( Confidentiality and Integrity impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: N/ UI: R/ S: C/ C: L/ I: L/ A: N
#49 · cve_id CVE-2020-19855 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
php w cms ▁v 1 . 9 ▁contains ▁a cross-site scripting ( XSS ) ▁vulnerability ▁in / image _ zo om . php . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
SHAP (words)
phpwcms v1. 9 contains a cross- site scripting ( XSS) vulnerability in / image_zoom. php
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] php w cms v ##1 . 9 contains a cross-site scripting ( XSS ) vulnerability in / image _ zoo ##m . php . [SEP]
LRP (+Pred, pos-only)
[CLS] php w cms v ##1 . 9 contains a cross-site scripting ( XSS ) vulnerability in / image _ zoo ##m . php . [SEP]
LIME (words)
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
SHAP (words)
phpwcms v1. 9 contains a cross- site scripting ( XSS) vulnerability in / image_zoom. php
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] php w cms v ##1 . 9 contains a cross-site scripting ( XSS ) vulnerability in / image _ zoo ##m . php . [SEP]
LRP (+Pred, pos-only)
[CLS] php w cms v ##1 . 9 contains a cross-site scripting ( XSS ) vulnerability in / image _ zoo ##m . php . [SEP]
LIME (words)
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
SHAP (words)
phpwcms v1. 9 contains a cross- site scripting ( XSS) vulnerability in / image_zoom. php
#50 · cve_id CVE-2020-10479 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
CSRF ▁in admin / add - news . php ▁in Chadha PHPKB ▁Standard Multi-Language ▁9 ▁allows ▁attackers ▁to ▁add ▁a ▁new ▁news ▁article ▁via ▁a ▁crafted ▁request . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.
SHAP (words)
CSRF in admin/ add- news. php in Chadha PHPKB Standard Multi- Language 9 allows attackers to add a new news article via a crafted request
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] CSRF in admin / add - news . php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request . [SEP]
LRP (+Pred, pos-only)
[CLS] CSRF in admin / add - news . php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request . [SEP]
LIME (words)
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.
SHAP (words)
CSRF in admin/ add- news. php in Chadha PHPKB Standard Multi- Language 9 allows attackers to add a new news article via a crafted request
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] CSRF in admin / add - news . php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request . [SEP]
LRP (+Pred, pos-only)
[CLS] CSRF in admin / add - news . php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request . [SEP]
LIME (words)
CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new news article via a crafted request.
SHAP (words)
CSRF in admin/ add- news. php in Chadha PHPKB Standard Multi- Language 9 allows attackers to add a new news article via a crafted request
#51 · cve_id CVE-2021-21210 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Inappropriate ▁implementation ▁in ▁Network ▁in ▁Google Chrome ▁prior ▁to ▁90 . 0 . 44 30 . 72 ▁allowed ▁a ▁remote ▁attacker ▁to ▁potentially ▁access ▁local UDP ▁ports ▁via ▁a ▁crafted HTML ▁page . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
SHAP (words)
Inappropriate implementation in Network in Google Chrome prior to 90. 0. 4430. 72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page
lrp-bert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Inappropriate implementation in Network in Google Chrome prior to 90 . 0 . 44 ##30 . 72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Inappropriate implementation in Network in Google Chrome prior to 90 . 0 . 44 ##30 . 72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page . [SEP]
LIME (words)
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
SHAP (words)
Inappropriate implementation in Network in Google Chrome prior to 90. 0. 4430. 72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Inappropriate implementation in Network in Google Chrome prior to 90 . 0 . 44 ##30 . 72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page . [SEP]
LRP (+Pred, pos-only)
[CLS] Inappropriate implementation in Network in Google Chrome prior to 90 . 0 . 44 ##30 . 72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page . [SEP]
LIME (words)
Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page.
SHAP (words)
Inappropriate implementation in Network in Google Chrome prior to 90. 0. 4430. 72 allowed a remote attacker to potentially access local UDP ports via a crafted HTML page
#52 · cve_id CVE-2023-2371 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁vulnerability cla ssi fi ed ▁as ▁critical ▁was ▁found ▁in SourceCodester ▁Online ▁DJ Manage ment ▁System ▁1 . 0 . Affected ▁by ▁this ▁vulnerability ▁is ▁an ▁unknown ▁functionality ▁of ▁the ▁file admin / in qui ries / view _ de tail s . php ▁of ▁the ▁component GET Parameter Handler . ▁The ▁manipulation ▁of ▁the ▁argument id ▁leads ▁to sql inject ion . ▁The ▁attack ▁can ▁be ▁launched ▁remotely . ▁The ▁exploit ▁has ▁been disclose d ▁to ▁the ▁public ▁and ▁may ▁be ▁used . ▁The ▁associated identifier ▁of ▁this ▁vulnerability ▁is ▁V DB - 22 76 47 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647.
SHAP (words)
A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1. 0. Affected by this vulnerability is an unknown functionality of the file admin/ inquiries/ view_details. php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 227647
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability c ##la ssi fi ##ed as critical was found in SourceCodester Online DJ Manage men ##t System 1 . 0 . Affected by this vulnerability is an unknown functionality of the file admin / in ##quiries / view _ details . php of the component GET Parameter Handler . The man ip ul ##ation of the argument id leads to sql inject ion . The attack can be launched remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 227 ##64 ##7 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability c ##la ssi fi ##ed as critical was found in SourceCodester Online DJ Manage men ##t System 1 . 0 . Affected by this vulnerability is an unknown functionality of the file admin / in ##quiries / view _ details . php of the component GET Parameter Handler . The man ip ul ##ation of the argument id leads to sql inject ion . The attack can be launched remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 227 ##64 ##7 . [SEP]
LIME (words)
A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647.
SHAP (words)
A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1. 0. Affected by this vulnerability is an unknown functionality of the file admin/ inquiries/ view_details. php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 227647
lrp-distilbert · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A vulnerability c ##la ssi fi ##ed as critical was found in SourceCodester Online DJ Manage men ##t System 1 . 0 . Affected by this vulnerability is an unknown functionality of the file admin / in ##quiries / view _ details . php of the component GET Parameter Handler . The man ip ul ##ation of the argument id leads to sql inject ion . The attack can be launched remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 227 ##64 ##7 . [SEP]
LRP (+Pred, pos-only)
[CLS] A vulnerability c ##la ssi fi ##ed as critical was found in SourceCodester Online DJ Manage men ##t System 1 . 0 . Affected by this vulnerability is an unknown functionality of the file admin / in ##quiries / view _ details . php of the component GET Parameter Handler . The man ip ul ##ation of the argument id leads to sql inject ion . The attack can be launched remotely . The exploit has been disclose d to the public and may be used . The associated identifier of this vulnerability is V ##D ##B - 227 ##64 ##7 . [SEP]
LIME (words)
A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647.
SHAP (words)
A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1. 0. Affected by this vulnerability is an unknown functionality of the file admin/ inquiries/ view_details. php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB- 227647
#53 · cve_id CVE-2021-31978 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Microsoft Defender Denial ▁of ▁Service Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Microsoft Defender Denial of Service Vulnerability
SHAP (words)
Microsoft Defender Denial of Service Vulnerability
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft Defender Denial of Service Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft Defender Denial of Service Vulnerability [SEP]
LIME (words)
Microsoft Defender Denial of Service Vulnerability
SHAP (words)
Microsoft Defender Denial of Service Vulnerability
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Microsoft Defender Denial of Service Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Microsoft Defender Denial of Service Vulnerability [SEP]
LIME (words)
Microsoft Defender Denial of Service Vulnerability
SHAP (words)
Microsoft Defender Denial of Service Vulnerability
#54 · cve_id CVE-2020-16206 · a
GT=HIGH (2)
xlnet · Pred=NONE (0) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁The ▁affected ▁product ▁is ▁vulnerable ▁to ▁stored cross-site scripting ▁which ▁may ▁allow ▁an ▁attacker ▁to ▁remotely ▁execute ▁arbitrary ▁code ▁to ▁gain ▁access ▁to ▁sensitive ▁data ▁on ▁the ▁N - T ron ▁70 2 - W / ▁70 2 M 12 - W ( all ▁versions ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
The affected product is vulnerable to stored cross-site scripting which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
SHAP (words)
The affected product is vulnerable to stored cross- site scripting which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N- Tron 702- W / 702M12- W ( all versions
lrp-bert · Pred=NONE (0) · p=0.97 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The affected product is vulnerable to stored cross-site scripting which may allow an attacker to remotely exec u ##te arbitrary code to gain access to sensitive data on the N - T ##ron 70 ##2 - W / 70 ##2 ##M ##12 - W ( all versions ) . [SEP]
LRP (+Pred, pos-only)
[CLS] The affected product is vulnerable to stored cross-site scripting which may allow an attacker to remotely exec u ##te arbitrary code to gain access to sensitive data on the N - T ##ron 70 ##2 - W / 70 ##2 ##M ##12 - W ( all versions ) . [SEP]
LIME (words)
The affected product is vulnerable to stored cross-site scripting which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
SHAP (words)
The affected product is vulnerable to stored cross- site scripting which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N- Tron 702- W / 702M12- W ( all versions
lrp-distilbert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] The affected product is vulnerable to stored cross-site scripting which may allow an attacker to remotely exec u ##te arbitrary code to gain access to sensitive data on the N - T ##ron 70 ##2 - W / 70 ##2 ##M ##12 - W ( all versions ) . [SEP]
LRP (+Pred, pos-only)
[CLS] The affected product is vulnerable to stored cross-site scripting which may allow an attacker to remotely exec u ##te arbitrary code to gain access to sensitive data on the N - T ##ron 70 ##2 - W / 70 ##2 ##M ##12 - W ( all versions ) . [SEP]
LIME (words)
The affected product is vulnerable to stored cross-site scripting which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N-Tron 702-W / 702M12-W (all versions).
SHAP (words)
The affected product is vulnerable to stored cross- site scripting which may allow an attacker to remotely execute arbitrary code to gain access to sensitive data on the N- Tron 702- W / 702M12- W ( all versions
#55 · cve_id CVE-2023-28432 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Mini o ▁is ▁a ▁Multi - Cloud Object Storage ▁framework . ▁In ▁a ▁cluster ▁deployment ▁starting ▁with REL EAS ▁E . 20 19 - 12 - 17 T 23 - 16 - 33 Z ▁and ▁prior ▁to REL EAS ▁E . 20 23 - 03 - 20 T 20 - 16 - 18 Z ▁Min IO ▁returns ▁all ▁environment ▁variables ▁including ▁` MIN IO _ S EC RET _ KEY ` and ▁` MIN IO _ ROO T _ PAS ▁SW OR D ` ▁resulting ▁in ▁in for matio n ▁di sc los ure . ▁All ▁users ▁of ▁distributed ▁deployment ▁are ▁impacted . ▁All ▁users ▁are ▁advised ▁to ▁upgrade ▁to REL EAS ▁E . 20 23 - 03 - 20 T 20 - 16 - 18 Z . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z MinIO returns all environment variables including `MINIO_SECRET_KEY`and `MINIO_ROOT_PASSWORD` resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
SHAP (words)
Minio is a Multi- Cloud Object Storage framework. In a cluster deployment starting with RELEASE. 2019- 12- 17T23- 16- 33Z and prior to RELEASE. 2023- 03- 20T20- 16- 18Z MinIO returns all environment variables including ` MINIO_SECRET_KEY` and ` MINIO_ROOT_PASSWORD` resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE. 2023- 03- 20T20- 16- 18Z
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mini ##o is a Multi - Cloud Object Storage framework . In a cluster deployment s tar tin ##g with RE LE AS ##E . 2019 - 12 - 17 ##T ##23 - 16 - 33 ##Z and prior to RE LE AS ##E . 202 ##3 - 03 - 20 ##T ##20 - 16 - 18 ##Z Min IO returns all environment variables including ` MI ##N IO _ SEC RE T _ K ##E ##Y ` and ` MI ##N IO _ R ##O ##OT _ PAS SW OR ##D ` resulting in info ##r matio n di sc los ##ure . All users of distributed deployment are impacted . All users are advised to upgrade to RE LE AS ##E . 202 ##3 - 03 - 20 ##T ##20 - 16 - 18 ##Z . [SEP]
LRP (+Pred, pos-only)
[CLS] Mini ##o is a Multi - Cloud Object Storage framework . In a cluster deployment s tar tin ##g with RE LE AS ##E . 2019 - 12 - 17 ##T ##23 - 16 - 33 ##Z and prior to RE LE AS ##E . 202 ##3 - 03 - 20 ##T ##20 - 16 - 18 ##Z Min IO returns all environment variables including ` MI ##N IO _ SEC RE T _ K ##E ##Y ` and ` MI ##N IO _ R ##O ##OT _ PAS SW OR ##D ` resulting in info ##r matio n di sc los ##ure . All users of distributed deployment are impacted . All users are advised to upgrade to RE LE AS ##E . 202 ##3 - 03 - 20 ##T ##20 - 16 - 18 ##Z . [SEP]
LIME (words)
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z MinIO returns all environment variables including `MINIO_SECRET_KEY`and `MINIO_ROOT_PASSWORD` resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
SHAP (words)
Minio is a Multi- Cloud Object Storage framework. In a cluster deployment starting with RELEASE. 2019- 12- 17T23- 16- 33Z and prior to RELEASE. 2023- 03- 20T20- 16- 18Z MinIO returns all environment variables including ` MINIO_SECRET_KEY` and ` MINIO_ROOT_PASSWORD` resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE. 2023- 03- 20T20- 16- 18Z
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Mini ##o is a Multi - Cloud Object Storage framework . In a cluster deployment s tar tin ##g with RE LE AS ##E . 2019 - 12 - 17 ##T ##23 - 16 - 33 ##Z and prior to RE LE AS ##E . 202 ##3 - 03 - 20 ##T ##20 - 16 - 18 ##Z Min IO returns all environment variables including ` MI ##N IO _ SEC RE T _ K ##E ##Y ` and ` MI ##N IO _ R ##O ##OT _ PAS SW OR ##D ` resulting in info ##r matio n di sc los ##ure . All users of distributed deployment are impacted . All users are advised to upgrade to RE LE AS ##E . 202 ##3 - 03 - 20 ##T ##20 - 16 - 18 ##Z . [SEP]
LRP (+Pred, pos-only)
[CLS] Mini ##o is a Multi - Cloud Object Storage framework . In a cluster deployment s tar tin ##g with RE LE AS ##E . 2019 - 12 - 17 ##T ##23 - 16 - 33 ##Z and prior to RE LE AS ##E . 202 ##3 - 03 - 20 ##T ##20 - 16 - 18 ##Z Min IO returns all environment variables including ` MI ##N IO _ SEC RE T _ K ##E ##Y ` and ` MI ##N IO _ R ##O ##OT _ PAS SW OR ##D ` resulting in info ##r matio n di sc los ##ure . All users of distributed deployment are impacted . All users are advised to upgrade to RE LE AS ##E . 202 ##3 - 03 - 20 ##T ##20 - 16 - 18 ##Z . [SEP]
LIME (words)
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z MinIO returns all environment variables including `MINIO_SECRET_KEY`and `MINIO_ROOT_PASSWORD` resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
SHAP (words)
Minio is a Multi- Cloud Object Storage framework. In a cluster deployment starting with RELEASE. 2019- 12- 17T23- 16- 33Z and prior to RELEASE. 2023- 03- 20T20- 16- 18Z MinIO returns all environment variables including ` MINIO_SECRET_KEY` and ` MINIO_ROOT_PASSWORD` resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE. 2023- 03- 20T20- 16- 18Z
#56 · cve_id CVE-2022-46175 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
JSON ▁5 ▁is ▁an ▁extension ▁to ▁the ▁popular JSON ▁file ▁format ▁that ▁aims ▁to ▁be ▁easier ▁to ▁write ▁and ▁maintain ▁by ▁hand ( e . g . ▁for config ▁files ) . ▁The ▁` parse ▁` ▁method ▁of ▁the JSON ▁5 ▁library ▁before ▁and ▁including ▁versions ▁1 . 0 . 1 ▁and ▁2 . 2 . 1 ▁does ▁not ▁restrict parsing ▁of ▁keys ▁named ▁` _ _ pro to _ _ ` ▁allowing spec i ally ▁crafted ▁strings ▁to pollute ▁the ▁prototype ▁of ▁the ▁resulting ▁object . ▁This ▁vulnerability pollute s ▁the ▁prototype ▁of ▁the ▁object ▁returned ▁by ▁` JSON ▁5 . parse ▁` ▁and ▁not ▁the glob ▁al Object ▁prototype ▁which ▁is ▁the ▁commonly ▁understood ▁def init ion ▁of Prototype Pollution . ▁However ▁poll ut ing ▁the ▁prototype ▁of ▁a ▁single ▁object ▁can ▁have ▁significant ▁security ▁impact ▁for ▁an ▁application ▁if ▁the ▁object ▁is ▁later ▁used ▁in ▁trusted ▁operations . ▁This ▁vulnerability ▁could ▁allow ▁an ▁attacker ▁to ▁set ▁arbitrary ▁and ▁unexpected ▁keys ▁on ▁the ▁object ▁returned ▁from ▁` JSON ▁5 . parse ▁` . ▁The ▁actual ▁impact ▁will ▁depend ▁on ▁how ▁applications ▁utilize ▁the ▁returned ▁object ▁and ▁how ▁they ▁filter ▁unwanted ▁keys ▁but ▁could ▁include ▁denial ▁of ▁service cross-site scripting ▁elevation ▁of ▁privilege ▁and ▁in ▁extreme ▁cases ▁remote ▁code ▁execution . ▁` JSON ▁5 . parse ▁` ▁should ▁restrict parsing ▁of ▁` _ _ pro to _ _ ` ▁keys ▁when parsing JSON ▁strings ▁to ▁objects . ▁As ▁a ▁point ▁of ▁reference ▁the ▁` JSON . parse ▁` ▁method ▁included ▁in JavaScript ignores ▁` _ _ pro to _ _ ` ▁keys . ▁Simply ▁changing ▁` JSON ▁5 . parse ▁` ▁to ▁` JSON . parse ▁` ▁in ▁the ▁examples ▁above mitigates ▁this ▁vulnerability . ▁This ▁vulnerability ▁is patched ▁in js ▁on 5 ▁versions ▁1 . 0 . 2 ▁2 . 2 . 2 ▁and ▁later . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation of privilege and in extreme cases remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2 2.2.2 and later.
SHAP (words)
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand ( e. g. for config files). The ` parse` method of the JSON5 library before and including versions 1. 0. 1 and 2. 2. 1 does not restrict parsing of keys named ` __proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by ` JSON5. parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from ` JSON5. parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross- site scripting elevation of privilege and in extreme cases remote code execution. ` JSON5. parse` should restrict parsing of ` __proto__` keys when parsing JSON strings to objects. As a point of reference the ` JSON. parse` method included in JavaScript ignores ` __proto__` keys. Simply changing ` JSON5. parse` to ` JSON. parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1. 0. 2 2. 2. 2 and later
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] JSON 5 is an extension to the popular JSON file format that aims to be easier to w ##r ite and ma int ain by hand ( e . g . for config files ) . The ` parse ` method of the JSON 5 library before and including versions 1 . 0 . 1 and 2 . 2 . 1 does not restrict parsing of keys named ` _ _ pro ##to _ _ ` allowing spec i ##ally crafted strings to pollute the prototype of the resulting object . This vulnerability pollute s the prototype of the object returned by ` JSON 5 . parse ` and not the glob al Object prototype which is the commonly understood def init ion of Prototype Pollution . However poll ##uti ##ng the prototype of a single object can have significant se ##c uri t ##y impact for an application if the object is later used in trusted operations . This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from ` JSON 5 . parse ` . The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation of privilege and in extreme cases remote code exec u ##tion . ` JSON 5 . parse ` should restrict parsing of ` _ _ pro ##to _ _ ` keys when parsing JSON strings to objects . As a p ##o int of reference the ` JSON . parse ` method included in JavaScript ignores ` _ _ pro ##to _ _ ` keys . Si ##mp ##ly changing ` JSON 5 . parse ` to ` JSON . parse ` in the examples above mitigates this vulnerability . This vulnerability is patched in js on ##5 versions 1 . 0 . 2 2 . 2 . 2 and later . [SEP]
LRP (+Pred, pos-only)
[CLS] JSON 5 is an extension to the popular JSON file format that aims to be easier to w ##r ite and ma int ain by hand ( e . g . for config files ) . The ` parse ` method of the JSON 5 library before and including versions 1 . 0 . 1 and 2 . 2 . 1 does not restrict parsing of keys named ` _ _ pro ##to _ _ ` allowing spec i ##ally crafted strings to pollute the prototype of the resulting object . This vulnerability pollute s the prototype of the object returned by ` JSON 5 . parse ` and not the glob al Object prototype which is the commonly understood def init ion of Prototype Pollution . However poll ##uti ##ng the prototype of a single object can have significant se ##c uri t ##y impact for an application if the object is later used in trusted operations . This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from ` JSON 5 . parse ` . The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation of privilege and in extreme cases remote code exec u ##tion . ` JSON 5 . parse ` should restrict parsing of ` _ _ pro ##to _ _ ` keys when parsing JSON strings to objects . As a p ##o int of reference the ` JSON . parse ` method included in JavaScript ignores ` _ _ pro ##to _ _ ` keys . Si ##mp ##ly changing ` JSON 5 . parse ` to ` JSON . parse ` in the examples above mitigates this vulnerability . This vulnerability is patched in js on ##5 versions 1 . 0 . 2 2 . 2 . 2 and later . [SEP]
LIME (words)
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation of privilege and in extreme cases remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2 2.2.2 and later.
SHAP (words)
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand ( e. g. for config files). The ` parse` method of the JSON5 library before and including versions 1. 0. 1 and 2. 2. 1 does not restrict parsing of keys named ` __proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by ` JSON5. parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from ` JSON5. parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross- site scripting elevation of privilege and in extreme cases remote code execution. ` JSON5. parse` should restrict parsing of ` __proto__` keys when parsing JSON strings to objects. As a point of reference the ` JSON. parse` method included in JavaScript ignores ` __proto__` keys. Simply changing ` JSON5. parse` to ` JSON. parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1. 0. 2 2. 2. 2 and later
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] JSON 5 is an extension to the popular JSON file format that aims to be easier to w ##r ite and ma int ain by hand ( e . g . for config files ) . The ` parse ` method of the JSON 5 library before and including versions 1 . 0 . 1 and 2 . 2 . 1 does not restrict parsing of keys named ` _ _ pro ##to _ _ ` allowing spec i ##ally crafted strings to pollute the prototype of the resulting object . This vulnerability pollute s the prototype of the object returned by ` JSON 5 . parse ` and not the glob al Object prototype which is the commonly understood def init ion of Prototype Pollution . However poll ##uti ##ng the prototype of a single object can have significant se ##c uri t ##y impact for an application if the object is later used in trusted operations . This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from ` JSON 5 . parse ` . The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation of privilege and in extreme cases remote code exec u ##tion . ` JSON 5 . parse ` should restrict parsing of ` _ _ pro ##to _ _ ` keys when parsing JSON strings to objects . As a p ##o int of reference the ` JSON . parse ` method included in JavaScript ignores ` _ _ pro ##to _ _ ` keys . Si ##mp ##ly changing ` JSON 5 . parse ` to ` JSON . parse ` in the examples above mitigates this vulnerability . This vulnerability is patched in js on ##5 versions 1 . 0 . 2 2 . 2 . 2 and later . [SEP]
LRP (+Pred, pos-only)
[CLS] JSON 5 is an extension to the popular JSON file format that aims to be easier to w ##r ite and ma int ain by hand ( e . g . for config files ) . The ` parse ` method of the JSON 5 library before and including versions 1 . 0 . 1 and 2 . 2 . 1 does not restrict parsing of keys named ` _ _ pro ##to _ _ ` allowing spec i ##ally crafted strings to pollute the prototype of the resulting object . This vulnerability pollute s the prototype of the object returned by ` JSON 5 . parse ` and not the glob al Object prototype which is the commonly understood def init ion of Prototype Pollution . However poll ##uti ##ng the prototype of a single object can have significant se ##c uri t ##y impact for an application if the object is later used in trusted operations . This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from ` JSON 5 . parse ` . The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation of privilege and in extreme cases remote code exec u ##tion . ` JSON 5 . parse ` should restrict parsing of ` _ _ pro ##to _ _ ` keys when parsing JSON strings to objects . As a p ##o int of reference the ` JSON . parse ` method included in JavaScript ignores ` _ _ pro ##to _ _ ` keys . Si ##mp ##ly changing ` JSON 5 . parse ` to ` JSON . parse ` in the examples above mitigates this vulnerability . This vulnerability is patched in js on ##5 versions 1 . 0 . 2 2 . 2 . 2 and later . [SEP]
LIME (words)
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation of privilege and in extreme cases remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2 2.2.2 and later.
SHAP (words)
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand ( e. g. for config files). The ` parse` method of the JSON5 library before and including versions 1. 0. 1 and 2. 2. 1 does not restrict parsing of keys named ` __proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by ` JSON5. parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from ` JSON5. parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross- site scripting elevation of privilege and in extreme cases remote code execution. ` JSON5. parse` should restrict parsing of ` __proto__` keys when parsing JSON strings to objects. As a point of reference the ` JSON. parse` method included in JavaScript ignores ` __proto__` keys. Simply changing ` JSON5. parse` to ` JSON. parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1. 0. 2 2. 2. 2 and later
#57 · cve_id CVE-2023-41769 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Layer ▁2 Tunneling ▁Protocol Remote ▁Code Execution Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
SHAP (words)
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Layer 2 Tunneling Protocol Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Layer 2 Tunneling Protocol Remote Code Execution Vulnerability [SEP]
LIME (words)
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
SHAP (words)
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Layer 2 Tunneling Protocol Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] Layer 2 Tunneling Protocol Remote Code Execution Vulnerability [SEP]
LIME (words)
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
SHAP (words)
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
#58 · cve_id CVE-2023-41707 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.96 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Processing ▁of user-defined ▁mail ▁search ▁ex pre ssi ▁on s ▁is ▁not ▁limited . Availability ▁of OX ▁App ▁Suite ▁could ▁be ▁reduced ▁due ▁to ▁high ▁pro ce ssi ng ▁load . ▁Please ▁deploy ▁the ▁provided ▁updates ▁and ▁patch ▁releases . Processing ▁time ▁of ▁mail ▁search ▁ex pre ssi ▁on s ▁now ▁gets ▁monitored ▁and ▁the ▁related ▁request ▁is ▁terminated ▁if ▁a ▁resource ▁threshold ▁is ▁reached . ▁No ▁publicly ▁available ▁exploit s ▁are ▁known . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
SHAP (words)
Processing of user- defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored and the related request is terminated if a resource threshold is reached. No publicly available exploits are known
lrp-bert · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Processing of user-defined mail search ex ##p ##re ssi on ##s is not l ##im ite d . Availability of OX App Su ite could be reduced due to high pro ##ce ssi ng load . Please deploy the provided updates and patch releases . Processing time of mail search ex ##p ##re ssi on ##s now gets monitored and the related request is terminated if a resource threshold is reached . No publicly available exploits are known . [SEP]
LRP (+Pred, pos-only)
[CLS] Processing of user-defined mail search ex ##p ##re ssi on ##s is not l ##im ite d . Availability of OX App Su ite could be reduced due to high pro ##ce ssi ng load . Please deploy the provided updates and patch releases . Processing time of mail search ex ##p ##re ssi on ##s now gets monitored and the related request is terminated if a resource threshold is reached . No publicly available exploits are known . [SEP]
LIME (words)
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
SHAP (words)
Processing of user- defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored and the related request is terminated if a resource threshold is reached. No publicly available exploits are known
lrp-distilbert · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Processing of user-defined mail search ex ##p ##re ssi on ##s is not l ##im ite d . Availability of OX App Su ite could be reduced due to high pro ##ce ssi ng load . Please deploy the provided updates and patch releases . Processing time of mail search ex ##p ##re ssi on ##s now gets monitored and the related request is terminated if a resource threshold is reached . No publicly available exploits are known . [SEP]
LRP (+Pred, pos-only)
[CLS] Processing of user-defined mail search ex ##p ##re ssi on ##s is not l ##im ite d . Availability of OX App Su ite could be reduced due to high pro ##ce ssi ng load . Please deploy the provided updates and patch releases . Processing time of mail search ex ##p ##re ssi on ##s now gets monitored and the related request is terminated if a resource threshold is reached . No publicly available exploits are known . [SEP]
LIME (words)
Processing of user-defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored and the related request is terminated if a resource threshold is reached. No publicly available exploits are known.
SHAP (words)
Processing of user- defined mail search expressions is not limited. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing time of mail search expressions now gets monitored and the related request is terminated if a resource threshold is reached. No publicly available exploits are known
#59 · cve_id CVE-2020-24912 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁reflected cross-site scripting ( XSS ) ▁vulnerability ▁in q cu bed ( all ▁versions ▁including ▁3 . 1 . 1 ) ▁in ▁profile . php ▁via ▁the st Query - param eter ▁allows unauthenticated ▁attackers ▁to ▁steal se ssi ▁on s ▁of authenticated ▁users . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
SHAP (words)
A reflected cross- site scripting ( XSS) vulnerability in qcubed ( all versions including 3. 1. 1) in profile. php via the stQuery- parameter allows unauthenticated attackers to steal sessions of authenticated users
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A reflected cross-site scripting ( XSS ) vulnerability in q ##cu ##bed ( all versions including 3 . 1 . 1 ) in profile . php via the s ##t Query - param et ##er allows unauthenticated attackers to steal se ssi on ##s of authenticated users . [SEP]
LRP (+Pred, pos-only)
[CLS] A reflected cross-site scripting ( XSS ) vulnerability in q ##cu ##bed ( all versions including 3 . 1 . 1 ) in profile . php via the s ##t Query - param et ##er allows unauthenticated attackers to steal se ssi on ##s of authenticated users . [SEP]
LIME (words)
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
SHAP (words)
A reflected cross- site scripting ( XSS) vulnerability in qcubed ( all versions including 3. 1. 1) in profile. php via the stQuery- parameter allows unauthenticated attackers to steal sessions of authenticated users
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A reflected cross-site scripting ( XSS ) vulnerability in q ##cu ##bed ( all versions including 3 . 1 . 1 ) in profile . php via the s ##t Query - param et ##er allows unauthenticated attackers to steal se ssi on ##s of authenticated users . [SEP]
LRP (+Pred, pos-only)
[CLS] A reflected cross-site scripting ( XSS ) vulnerability in q ##cu ##bed ( all versions including 3 . 1 . 1 ) in profile . php via the s ##t Query - param et ##er allows unauthenticated attackers to steal se ssi on ##s of authenticated users . [SEP]
LIME (words)
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
SHAP (words)
A reflected cross- site scripting ( XSS) vulnerability in qcubed ( all versions including 3. 1. 1) in profile. php via the stQuery- parameter allows unauthenticated attackers to steal sessions of authenticated users
#60 · cve_id CVE-2021-3912 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁Oct o R PKI ▁tries ▁to ▁load ▁the ▁entire ▁contents ▁of ▁a repository ▁in ▁memory ▁and ▁in ▁the ▁case ▁of ▁a ▁G Z IP ▁bomb unzip ▁it ▁in ▁memory ▁making ▁it ▁po ssi ble ▁to ▁create ▁a repository ▁that ▁makes ▁Oct o R PKI ▁run ▁out ▁of ▁memory ( and ▁thus ▁crash ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
OctoRPKI tries to load the entire contents of a repository in memory and in the case of a GZIP bomb unzip it in memory making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).
SHAP (words)
OctoRPKI tries to load the entire contents of a repository in memory and in the case of a GZIP bomb unzip it in memory making it possible to create a repository that makes OctoRPKI run out of memory ( and thus crash
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Oct ##o RP K ##I tries to load the entire contents of a repository in memory and in the case of a G ##Z ##IP bomb unzip it in memory making it p ##o ssi b ##le to create a repository that makes Oct ##o RP K ##I run out of memory ( and thus crash ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Oct ##o RP K ##I tries to load the entire contents of a repository in memory and in the case of a G ##Z ##IP bomb unzip it in memory making it p ##o ssi b ##le to create a repository that makes Oct ##o RP K ##I run out of memory ( and thus crash ) . [SEP]
LIME (words)
OctoRPKI tries to load the entire contents of a repository in memory and in the case of a GZIP bomb unzip it in memory making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).
SHAP (words)
OctoRPKI tries to load the entire contents of a repository in memory and in the case of a GZIP bomb unzip it in memory making it possible to create a repository that makes OctoRPKI run out of memory ( and thus crash
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] Oct ##o RP K ##I tries to load the entire contents of a repository in memory and in the case of a G ##Z ##IP bomb unzip it in memory making it p ##o ssi b ##le to create a repository that makes Oct ##o RP K ##I run out of memory ( and thus crash ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Oct ##o RP K ##I tries to load the entire contents of a repository in memory and in the case of a G ##Z ##IP bomb unzip it in memory making it p ##o ssi b ##le to create a repository that makes Oct ##o RP K ##I run out of memory ( and thus crash ) . [SEP]
LIME (words)
OctoRPKI tries to load the entire contents of a repository in memory and in the case of a GZIP bomb unzip it in memory making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).
SHAP (words)
OctoRPKI tries to load the entire contents of a repository in memory and in the case of a GZIP bomb unzip it in memory making it possible to create a repository that makes OctoRPKI run out of memory ( and thus crash
#61 · cve_id CVE-2020-7877 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁A ▁buffer overflow ▁issue ▁was ▁di sc ▁over ed ▁in ▁Z OO K ▁solution ( rem ote admin ▁is t ration ▁tool ) ▁through ▁pro ce ssi ng ' Connect Me ' ▁command ▁while parsing ▁a ▁crafted OUT ER IP ▁value ▁because ▁of ▁mi ssi ng ▁boundary ▁check . ▁This ▁vulnerability ▁allows ▁the ▁attacker ▁to ▁execute ▁remote ▁arbitrary ▁command . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command.
SHAP (words)
A buffer overflow issue was discovered in ZOOK solution( remote administration tool) through processing ' ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] A buffer overflow issue was di sc over ##ed in Z ##O ##OK solution ( remote admin is ##tration tool ) through pro ##ce ssi ng ' Connect Me ' command while parsing a crafted O ##UT ##ER ##IP value because of mi ssi ng boundary check . This vulnerability allows the attacker to exec u ##te remote arbitrary command . [SEP]
LRP (+Pred, pos-only)
[CLS] A buffer overflow issue was di sc over ##ed in Z ##O ##OK solution ( remote admin is ##tration tool ) through pro ##ce ssi ng ' Connect Me ' command while parsing a crafted O ##UT ##ER ##IP value because of mi ssi ng boundary check . This vulnerability allows the attacker to exec u ##te remote arbitrary command . [SEP]
LIME (words)
A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command.
SHAP (words)
A buffer overflow issue was discovered in ZOOK solution( remote administration tool) through processing ' ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] A buffer overflow issue was di sc over ##ed in Z ##O ##OK solution ( remote admin is ##tration tool ) through pro ##ce ssi ng ' Connect Me ' command while parsing a crafted O ##UT ##ER ##IP value because of mi ssi ng boundary check . This vulnerability allows the attacker to exec u ##te remote arbitrary command . [SEP]
LRP (+Pred, pos-only)
[CLS] A buffer overflow issue was di sc over ##ed in Z ##O ##OK solution ( remote admin is ##tration tool ) through pro ##ce ssi ng ' Connect Me ' command while parsing a crafted O ##UT ##ER ##IP value because of mi ssi ng boundary check . This vulnerability allows the attacker to exec u ##te remote arbitrary command . [SEP]
LIME (words)
A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command.
SHAP (words)
A buffer overflow issue was discovered in ZOOK solution( remote administration tool) through processing ' ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command
#62 · cve_id CVE-2022-0071 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.97 TP
IG (subwords)
Incomplete ▁fix ▁for CVE - 20 21 - 310 1 . ▁Hot dog ▁prior ▁to ▁v 1 . 0 . 2 ▁did ▁not ▁mimic ▁the ▁resource ▁limits ▁device ▁restrictions ▁or syscall ▁filters ▁of ▁the ▁target JVM ▁process . ▁This ▁would ▁allow ▁a ▁container ▁to ▁exhaust ▁the ▁resources ▁of ▁the ▁host ▁modify ▁devices ▁or ▁make syscalls ▁that ▁would ▁otherwise ▁be ▁blocked . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Incomplete fix for CVE-2021-3101. Hotdog prior to v1.0.2 did not mimic the resource limits device restrictions or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host modify devices or make syscalls that would otherwise be blocked.
SHAP (words)
Incomplete fix for CVE- 2021- 3101. Hotdog prior to v1. 0. 2 did not mimic the resource limits device restrictions or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host modify devices or make syscalls that would otherwise be blocked
lrp-bert · Pred=HIGH (2) · p=0.99 TP
IG (subwords)
[CLS] Incomplete fix for CVE - 202 ##1 - 310 ##1 . Hot ##dog prior to v ##1 . 0 . 2 did not mimic the resource limits dev ice restrictions or syscall filters of the tar get JVM process . This would allow a container to exhaust the resources of the host mod if ##y dev ice ##s or make syscalls that would otherwise be blocked . [SEP]
LRP (+Pred, pos-only)
[CLS] Incomplete fix for CVE - 202 ##1 - 310 ##1 . Hot ##dog prior to v ##1 . 0 . 2 did not mimic the resource limits dev ice restrictions or syscall filters of the tar get JVM process . This would allow a container to exhaust the resources of the host mod if ##y dev ice ##s or make syscalls that would otherwise be blocked . [SEP]
LIME (words)
Incomplete fix for CVE-2021-3101. Hotdog prior to v1.0.2 did not mimic the resource limits device restrictions or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host modify devices or make syscalls that would otherwise be blocked.
SHAP (words)
Incomplete fix for CVE- 2021- 3101. Hotdog prior to v1. 0. 2 did not mimic the resource limits device restrictions or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host modify devices or make syscalls that would otherwise be blocked
lrp-distilbert · Pred=HIGH (2) · p=0.98 TP
IG (subwords)
[CLS] Incomplete fix for CVE - 202 ##1 - 310 ##1 . Hot ##dog prior to v ##1 . 0 . 2 did not mimic the resource limits dev ice restrictions or syscall filters of the tar get JVM process . This would allow a container to exhaust the resources of the host mod if ##y dev ice ##s or make syscalls that would otherwise be blocked . [SEP]
LRP (+Pred, pos-only)
[CLS] Incomplete fix for CVE - 202 ##1 - 310 ##1 . Hot ##dog prior to v ##1 . 0 . 2 did not mimic the resource limits dev ice restrictions or syscall filters of the tar get JVM process . This would allow a container to exhaust the resources of the host mod if ##y dev ice ##s or make syscalls that would otherwise be blocked . [SEP]
LIME (words)
Incomplete fix for CVE-2021-3101. Hotdog prior to v1.0.2 did not mimic the resource limits device restrictions or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host modify devices or make syscalls that would otherwise be blocked.
SHAP (words)
Incomplete fix for CVE- 2021- 3101. Hotdog prior to v1. 0. 2 did not mimic the resource limits device restrictions or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host modify devices or make syscalls that would otherwise be blocked
#63 · cve_id CVE-2021-41266 · a
GT=HIGH (2)
xlnet · Pred=NONE (0) · p=0.57 MIS
IG (subwords)
▁Mini o ▁console ▁is ▁a graphical ▁user ▁interface ▁for ▁the ▁for ▁Min IO ▁operator . ▁Mini o ▁itself ▁is ▁a ▁multi -c ▁loud ▁object ▁storage ▁project . Affected ▁versions ▁are ▁subject ▁to ▁an authentication ▁bypass ▁issue ▁in ▁the Operator Console ▁when ▁an ▁external ▁I DP ▁is ▁enabled . ▁All ▁users ▁on ▁release ▁v 0 . 12 . 2 ▁and ▁before ▁are ▁affected ▁and ▁are ▁advised ▁to ▁update ▁to ▁0 . 12 . 3 ▁or ▁newer . User s ▁unable ▁to ▁upgrade ▁should ▁add ▁auto mount Service Account Token : ▁false ▁to ▁the ▁operator -c ▁on s ole ▁deployment ▁in Kubernetes ▁so ▁no ▁service ▁account ▁token ▁will ▁get ▁mounted ▁in sid e ▁the pod ▁then disable ▁the ▁external ▁identity ▁provider authentication ▁by ▁un set ▁the ▁CON S OLE ▁_ I DP _ URL ▁CON S OLE ▁_ I DP _ CLI ENT _ ID ▁CON S OLE ▁_ I DP _ S EC RET ▁and ▁CON S OLE ▁_ I DP _ C ALL BACK ▁environment ▁variable ▁and ▁instead ▁use ▁the Kubernetes ▁service ▁account ▁token . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod then disable the external identity provider authentication by unset the CONSOLE_IDP_URL CONSOLE_IDP_CLIENT_ID CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.
SHAP (words)
Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi- cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0. 12. 2 and before are affected and are advised to update to 0. 12. 3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator- console deployment in Kubernetes so no service account token will get mounted inside the pod then disable the external identity provider authentication by unset the CONSOLE_IDP_URL CONSOLE_IDP_CLIENT_ID CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token
lrp-bert · Pred=HIGH (2) · p=0.98 TP
IG (subwords)
[CLS] Mini ##o console is a graphical user int er ##face for the for Min IO operator . Mini ##o its elf is a multi -c loud object storage project . Affected versions are subject to an authentication bypass issue in the Operator Console when an external ID ##P is enabled . All users on release v ##0 . 12 . 2 and before are affected and are advised to update to 0 . 12 . 3 or newer . User s unable to upgrade should add auto ##mount ##S ##er ##vice Account Token : false to the operator -c on ##sol ##e deployment in Kubernetes so no service account token will get mounted in sid e the pod then disable the external identity provider authentication by un ##set the CO NS OLE _ ID ##P _ URL CO NS OLE _ ID ##P _ CLI E NT _ ID CO NS OLE _ ID ##P _ SEC RE T and CO NS OLE _ ID ##P _ C ALL B ACK environment variable and instead use the Kubernetes service account token . [SEP]
LRP (+Pred, pos-only)
[CLS] Mini ##o console is a graphical user int er ##face for the for Min IO operator . Mini ##o its elf is a multi -c loud object storage project . Affected versions are subject to an authentication bypass issue in the Operator Console when an external ID ##P is enabled . All users on release v ##0 . 12 . 2 and before are affected and are advised to update to 0 . 12 . 3 or newer . User s unable to upgrade should add auto ##mount ##S ##er ##vice Account Token : false to the operator -c on ##sol ##e deployment in Kubernetes so no service account token will get mounted in sid e the pod then disable the external identity provider authentication by un ##set the CO NS OLE _ ID ##P _ URL CO NS OLE _ ID ##P _ CLI E NT _ ID CO NS OLE _ ID ##P _ SEC RE T and CO NS OLE _ ID ##P _ C ALL B ACK environment variable and instead use the Kubernetes service account token . [SEP]
LIME (words)
Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod then disable the external identity provider authentication by unset the CONSOLE_IDP_URL CONSOLE_IDP_CLIENT_ID CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.
SHAP (words)
Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi- cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0. 12. 2 and before are affected and are advised to update to 0. 12. 3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator- console deployment in Kubernetes so no service account token will get mounted inside the pod then disable the external identity provider authentication by unset the CONSOLE_IDP_URL CONSOLE_IDP_CLIENT_ID CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token
lrp-distilbert · Pred=HIGH (2) · p=0.98 TP
IG (subwords)
[CLS] Mini ##o console is a graphical user int er ##face for the for Min IO operator . Mini ##o its elf is a multi -c loud object storage project . Affected versions are subject to an authentication bypass issue in the Operator Console when an external ID ##P is enabled . All users on release v ##0 . 12 . 2 and before are affected and are advised to update to 0 . 12 . 3 or newer . User s unable to upgrade should add auto ##mount ##S ##er ##vice Account Token : false to the operator -c on ##sol ##e deployment in Kubernetes so no service account token will get mounted in sid e the pod then disable the external identity provider authentication by un ##set the CO NS OLE _ ID ##P _ URL CO NS OLE _ ID ##P _ CLI E NT _ ID CO NS OLE _ ID ##P _ SEC RE T and CO NS OLE _ ID ##P _ C ALL B ACK environment variable and instead use the Kubernetes service account token . [SEP]
LRP (+Pred, pos-only)
[CLS] Mini ##o console is a graphical user int er ##face for the for Min IO operator . Mini ##o its elf is a multi -c loud object storage project . Affected versions are subject to an authentication bypass issue in the Operator Console when an external ID ##P is enabled . All users on release v ##0 . 12 . 2 and before are affected and are advised to update to 0 . 12 . 3 or newer . User s unable to upgrade should add auto ##mount ##S ##er ##vice Account Token : false to the operator -c on ##sol ##e deployment in Kubernetes so no service account token will get mounted in sid e the pod then disable the external identity provider authentication by un ##set the CO NS OLE _ ID ##P _ URL CO NS OLE _ ID ##P _ CLI E NT _ ID CO NS OLE _ ID ##P _ SEC RE T and CO NS OLE _ ID ##P _ C ALL B ACK environment variable and instead use the Kubernetes service account token . [SEP]
LIME (words)
Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi-cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0.12.2 and before are affected and are advised to update to 0.12.3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod then disable the external identity provider authentication by unset the CONSOLE_IDP_URL CONSOLE_IDP_CLIENT_ID CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.
SHAP (words)
Minio console is a graphical user interface for the for MinIO operator. Minio itself is a multi- cloud object storage project. Affected versions are subject to an authentication bypass issue in the Operator Console when an external IDP is enabled. All users on release v0. 12. 2 and before are affected and are advised to update to 0. 12. 3 or newer. Users unable to upgrade should add automountServiceAccountToken: false to the operator- console deployment in Kubernetes so no service account token will get mounted inside the pod then disable the external identity provider authentication by unset the CONSOLE_IDP_URL CONSOLE_IDP_CLIENT_ID CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token
#64 · cve_id CVE-2023-48791 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
▁An improper neutralization ▁of spec ial ▁elements ▁used ▁in ▁a ▁command ( ' Com man d Injection ' ) ▁vulnerability ▁[ C WE - 77 ] ▁in FortiPortal ▁version ▁7 . 2 . 0 ▁version ▁7 . 0 . 6 ▁and ▁below ▁may ▁allow ▁a ▁remote authenticated ▁attacker ▁with ▁at ▁least ▁R / W ▁per mi ssi ▁on ▁to ▁execute unauthorized ▁commands ▁via spec ▁if ically ▁crafted ▁arguments ▁in ▁the ▁Schedule ▁System Backup ▁page ▁field . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0 version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.
SHAP (words)
An improper neutralization of special elements used in a command (' Command Injection') vulnerability [ CWE- 77] in FortiPortal version 7. 2. 0 version 7. 0. 6 and below may allow a remote authenticated attacker with at least R/ W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field
lrp-bert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] An improper neutralization of spec i ##al elements used in a command ( ' Command Injection ' ) vulnerability [ CW ##E - 77 ] in FortiPortal version 7 . 2 . 0 version 7 . 0 . 6 and below may allow a remote authenticated attacker with at least R / W per ##mi ssi on to exec u ##te unauthorized commands via spec if ##ically crafted arguments in the Schedule System Backup page field . [SEP]
LRP (+Pred, pos-only)
[CLS] An improper neutralization of spec i ##al elements used in a command ( ' Command Injection ' ) vulnerability [ CW ##E - 77 ] in FortiPortal version 7 . 2 . 0 version 7 . 0 . 6 and below may allow a remote authenticated attacker with at least R / W per ##mi ssi on to exec u ##te unauthorized commands via spec if ##ically crafted arguments in the Schedule System Backup page field . [SEP]
LIME (words)
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0 version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.
SHAP (words)
An improper neutralization of special elements used in a command (' Command Injection') vulnerability [ CWE- 77] in FortiPortal version 7. 2. 0 version 7. 0. 6 and below may allow a remote authenticated attacker with at least R/ W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
IG (subwords)
[CLS] An improper neutralization of spec i ##al elements used in a command ( ' Command Injection ' ) vulnerability [ CW ##E - 77 ] in FortiPortal version 7 . 2 . 0 version 7 . 0 . 6 and below may allow a remote authenticated attacker with at least R / W per ##mi ssi on to exec u ##te unauthorized commands via spec if ##ically crafted arguments in the Schedule System Backup page field . [SEP]
LRP (+Pred, pos-only)
[CLS] An improper neutralization of spec i ##al elements used in a command ( ' Command Injection ' ) vulnerability [ CW ##E - 77 ] in FortiPortal version 7 . 2 . 0 version 7 . 0 . 6 and below may allow a remote authenticated attacker with at least R / W per ##mi ssi on to exec u ##te unauthorized commands via spec if ##ically crafted arguments in the Schedule System Backup page field . [SEP]
LIME (words)
An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0 version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field.
SHAP (words)
An improper neutralization of special elements used in a command (' Command Injection') vulnerability [ CWE- 77] in FortiPortal version 7. 2. 0 version 7. 0. 6 and below may allow a remote authenticated attacker with at least R/ W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field
#65 · cve_id CVE-2024-20811 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
IG (subwords)
Improper ▁caller verification ▁in ▁Game Op tim izer ▁prior ▁to SMR ▁Feb - 20 24 ▁Release ▁1 ▁allows ▁local ▁attackers ▁to configure ▁Game Op tim izer . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.
SHAP (words)
Improper caller verification in GameOptimizer prior to SMR Feb- 2024 Release 1 allows local attackers to configure GameOptimizer
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Improper caller verification in Game ##O ##pt ##im ##izer prior to SMR Feb - 202 ##4 Release 1 allows local attackers to configure Game ##O ##pt ##im ##izer . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper caller verification in Game ##O ##pt ##im ##izer prior to SMR Feb - 202 ##4 Release 1 allows local attackers to configure Game ##O ##pt ##im ##izer . [SEP]
LIME (words)
Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.
SHAP (words)
Improper caller verification in GameOptimizer prior to SMR Feb- 2024 Release 1 allows local attackers to configure GameOptimizer
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
IG (subwords)
[CLS] Improper caller verification in Game ##O ##pt ##im ##izer prior to SMR Feb - 202 ##4 Release 1 allows local attackers to configure Game ##O ##pt ##im ##izer . [SEP]
LRP (+Pred, pos-only)
[CLS] Improper caller verification in Game ##O ##pt ##im ##izer prior to SMR Feb - 202 ##4 Release 1 allows local attackers to configure Game ##O ##pt ##im ##izer . [SEP]
LIME (words)
Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.
SHAP (words)
Improper caller verification in GameOptimizer prior to SMR Feb- 2024 Release 1 allows local attackers to configure GameOptimizer
#66 · cve_id CVE-2021-28079 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
IG (subwords)
▁Jam ov i ▁< = 1 . 6 . 18 ▁is ▁affected ▁by ▁a cross-site scripting ( XSS ) ▁vulnerability . ▁The ▁column - name ▁is ▁vulnerable ▁to XSS ▁in ▁the Electron JS Frame ▁work . ▁An ▁attacker ▁can ▁make ▁a . om v ( Ja mo vi ) ▁document ▁containing ▁a ▁payload . ▁When ▁opened ▁by ▁victim ▁the ▁payload ▁is ▁triggered . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim the payload is triggered.
SHAP (words)
Jamovi <= 1. 6. 18 is affected by a cross- site scripting ( XSS) vulnerability. The column- name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a . omv ( Jamovi) document containing a payload. When opened by victim the payload is triggered
lrp-bert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Jam ##ov ##i < = 1 . 6 . 18 is affected by a cross-site scripting ( XSS ) vulnerability . The column - name is vulnerable to XSS in the Electron JS Frame work . An attacker can make a . o ##m ##v ( Jam ##ov ##i ) document containing a payload . When opened by victim the payload is triggered . [SEP]
LRP (+Pred, pos-only)
[CLS] Jam ##ov ##i < = 1 . 6 . 18 is affected by a cross-site scripting ( XSS ) vulnerability . The column - name is vulnerable to XSS in the Electron JS Frame work . An attacker can make a . o ##m ##v ( Jam ##ov ##i ) document containing a payload . When opened by victim the payload is triggered . [SEP]
LIME (words)
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim the payload is triggered.
SHAP (words)
Jamovi <= 1. 6. 18 is affected by a cross- site scripting ( XSS) vulnerability. The column- name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a . omv ( Jamovi) document containing a payload. When opened by victim the payload is triggered
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
IG (subwords)
[CLS] Jam ##ov ##i < = 1 . 6 . 18 is affected by a cross-site scripting ( XSS ) vulnerability . The column - name is vulnerable to XSS in the Electron JS Frame work . An attacker can make a . o ##m ##v ( Jam ##ov ##i ) document containing a payload . When opened by victim the payload is triggered . [SEP]
LRP (+Pred, pos-only)
[CLS] Jam ##ov ##i < = 1 . 6 . 18 is affected by a cross-site scripting ( XSS ) vulnerability . The column - name is vulnerable to XSS in the Electron JS Frame work . An attacker can make a . o ##m ##v ( Jam ##ov ##i ) document containing a payload . When opened by victim the payload is triggered . [SEP]
LIME (words)
Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim the payload is triggered.
SHAP (words)
Jamovi <= 1. 6. 18 is affected by a cross- site scripting ( XSS) vulnerability. The column- name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a . omv ( Jamovi) document containing a payload. When opened by victim the payload is triggered
#67 · cve_id CVE-2020-14692 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
IG (subwords)
Vulnerability ▁in ▁the ▁Oracle ▁Financial ▁Services Loan ▁Los s ▁Forecast ing ▁and Provisioning ▁product ▁of ▁Oracle ▁Financial ▁Services ▁Applications ( com ponent : User Interface ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁8 . 0 . 6 - 8 . 0 . 8 . Easily exploitable ▁vulnerability ▁allows ▁low ▁privileged ▁attacker ▁with ▁network ▁access ▁via HTTP ▁to ▁compromise ▁Oracle ▁Financial ▁Services Loan ▁Los s ▁Forecast ing ▁and Provisioning . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in unauthorized ▁creation deletion ▁or ▁modification ▁access ▁to ▁critical ▁data ▁or ▁all ▁Oracle ▁Financial ▁Services Loan ▁Los s ▁Forecast ing ▁and Provisioning acce ssi ble ▁data . CVSS ▁3 . 1 ▁Base ▁Score ▁6 . 5 ( Integrity ▁impacts ) . CVSS Vector : ( CVSS : 3 . 1/ AV : N / AC : L / PR : L / UI : N / S : U / C : N / I : H / A : N ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
SHAP (words)
Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications ( component: User Interface). Supported versions that are affected are 8. 0. 6- 8. 0. 8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3. 1 Base Score 6. 5 ( Integrity impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: L/ UI: N/ S: U/ C: N/ I: H/ A: N
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning product of Oracle Financial Services App l ##ica ##tions ( component : User Interface ) . Supported versions that are affected are 8 . 0 . 6 - 8 . 0 . 8 . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning . Successful attacks of this vulnerability can result in unauthorized creation deletion or mod if ##ica ##tion access to critical data or all Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 6 . 5 ( Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : L / UI : N / S : U / C : N / I : H / A : N ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning product of Oracle Financial Services App l ##ica ##tions ( component : User Interface ) . Supported versions that are affected are 8 . 0 . 6 - 8 . 0 . 8 . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning . Successful attacks of this vulnerability can result in unauthorized creation deletion or mod if ##ica ##tion access to critical data or all Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 6 . 5 ( Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : L / UI : N / S : U / C : N / I : H / A : N ) . [SEP]
LIME (words)
Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
SHAP (words)
Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications ( component: User Interface). Supported versions that are affected are 8. 0. 6- 8. 0. 8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3. 1 Base Score 6. 5 ( Integrity impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: L/ UI: N/ S: U/ C: N/ I: H/ A: N
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning product of Oracle Financial Services App l ##ica ##tions ( component : User Interface ) . Supported versions that are affected are 8 . 0 . 6 - 8 . 0 . 8 . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning . Successful attacks of this vulnerability can result in unauthorized creation deletion or mod if ##ica ##tion access to critical data or all Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 6 . 5 ( Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : L / UI : N / S : U / C : N / I : H / A : N ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning product of Oracle Financial Services App l ##ica ##tions ( component : User Interface ) . Supported versions that are affected are 8 . 0 . 6 - 8 . 0 . 8 . Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning . Successful attacks of this vulnerability can result in unauthorized creation deletion or mod if ##ica ##tion access to critical data or all Oracle Financial Services Loan Loss For ##eca ##sting and Provisioning a ##cc ##e ssi b ##le data . CVSS 3 . 1 Base Score 6 . 5 ( Integrity impacts ) . CVSS Vector : ( CVSS : 3 . 1 / AV : N / AC : L / PR : L / UI : N / S : U / C : N / I : H / A : N ) . [SEP]
LIME (words)
Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
SHAP (words)
Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications ( component: User Interface). Supported versions that are affected are 8. 0. 6- 8. 0. 8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Loan Loss Forecasting and Provisioning. Successful attacks of this vulnerability can result in unauthorized creation deletion or modification access to critical data or all Oracle Financial Services Loan Loss Forecasting and Provisioning accessible data. CVSS 3. 1 Base Score 6. 5 ( Integrity impacts). CVSS Vector: ( CVSS: 3. 1/ AV: N/ AC: L/ PR: L/ UI: N/ S: U/ C: N/ I: H/ A: N
#68 · cve_id CVE-2023-27928 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁privacy ▁issue ▁was ▁addressed ▁with ▁improved ▁private ▁data ▁red action ▁for ▁log ▁entries . ▁This ▁issue ▁is ▁fixed ▁in macOS ▁Ventura ▁13 . 3 ▁iOS ▁16 . 4 ▁and iPadOS ▁16 . 4 ▁iOS ▁15 . 7 . 4 ▁and iPadOS ▁15 . 7 . 4 tvOS ▁16 . 4 watchOS ▁9 . 4 macOS ▁Big ▁Sur ▁11 . 7 . 5 . ▁An ▁app ▁may ▁be ▁able ▁to ▁access ▁in for matio n ▁about ▁a user’s ▁contacts . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3 iOS 16.4 and iPadOS 16.4 iOS 15.7.4 and iPadOS 15.7.4 tvOS 16.4 watchOS 9.4 macOS Big Sur 11.7.5. An app may be able to access information about a user’s contacts.
SHAP (words)
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13. 3 iOS 16. 4 and iPadOS 16. 4 iOS 15. 7. 4 and iPadOS 15. 7. 4 tvOS 16. 4 watchOS 9. 4 macOS Big Sur 11. 7. 5. An app may be able to access information about a user’ s contacts
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A privacy issue was addressed with improved private data red ##action for log entries . This issue is fixed in macOS Ventura 13 . 3 iOS 16 . 4 and iPadOS 16 . 4 iOS 15 . 7 . 4 and iPadOS 15 . 7 . 4 tvOS 16 . 4 watchOS 9 . 4 macOS Big Sur 11 . 7 . 5 . An app may be able to access info ##r matio n about a user’s contacts . [SEP]
LRP (+Pred, pos-only)
[CLS] A privacy issue was addressed with improved private data red ##action for log entries . This issue is fixed in macOS Ventura 13 . 3 iOS 16 . 4 and iPadOS 16 . 4 iOS 15 . 7 . 4 and iPadOS 15 . 7 . 4 tvOS 16 . 4 watchOS 9 . 4 macOS Big Sur 11 . 7 . 5 . An app may be able to access info ##r matio n about a user’s contacts . [SEP]
LIME (words)
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3 iOS 16.4 and iPadOS 16.4 iOS 15.7.4 and iPadOS 15.7.4 tvOS 16.4 watchOS 9.4 macOS Big Sur 11.7.5. An app may be able to access information about a user’s contacts.
SHAP (words)
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13. 3 iOS 16. 4 and iPadOS 16. 4 iOS 15. 7. 4 and iPadOS 15. 7. 4 tvOS 16. 4 watchOS 9. 4 macOS Big Sur 11. 7. 5. An app may be able to access information about a user’ s contacts
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A privacy issue was addressed with improved private data red ##action for log entries . This issue is fixed in macOS Ventura 13 . 3 iOS 16 . 4 and iPadOS 16 . 4 iOS 15 . 7 . 4 and iPadOS 15 . 7 . 4 tvOS 16 . 4 watchOS 9 . 4 macOS Big Sur 11 . 7 . 5 . An app may be able to access info ##r matio n about a user’s contacts . [SEP]
LRP (+Pred, pos-only)
[CLS] A privacy issue was addressed with improved private data red ##action for log entries . This issue is fixed in macOS Ventura 13 . 3 iOS 16 . 4 and iPadOS 16 . 4 iOS 15 . 7 . 4 and iPadOS 15 . 7 . 4 tvOS 16 . 4 watchOS 9 . 4 macOS Big Sur 11 . 7 . 5 . An app may be able to access info ##r matio n about a user’s contacts . [SEP]
LIME (words)
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3 iOS 16.4 and iPadOS 16.4 iOS 15.7.4 and iPadOS 15.7.4 tvOS 16.4 watchOS 9.4 macOS Big Sur 11.7.5. An app may be able to access information about a user’s contacts.
SHAP (words)
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13. 3 iOS 16. 4 and iPadOS 16. 4 iOS 15. 7. 4 and iPadOS 15. 7. 4 tvOS 16. 4 watchOS 9. 4 macOS Big Sur 11. 7. 5. An app may be able to access information about a user’ s contacts
#69 · cve_id CVE-2021-46368 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
TRI G ONE Remote ▁System ▁Monitor ▁3 . 61 ▁is ▁vulnerable ▁to ▁an unquoted ▁path ▁service ▁allowing ▁local ▁users ▁to ▁launch ▁processes ▁with elevate d ▁privileges . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.
SHAP (words)
TRIGONE Remote System Monitor 3. 61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] T ##RI ##G ##ON ##E Remote System Monitor 3 . 61 is vulnerable to an unquoted path service allowing local users to launch processes with elevate d privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] T ##RI ##G ##ON ##E Remote System Monitor 3 . 61 is vulnerable to an unquoted path service allowing local users to launch processes with elevate d privileges . [SEP]
LIME (words)
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.
SHAP (words)
TRIGONE Remote System Monitor 3. 61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] T ##RI ##G ##ON ##E Remote System Monitor 3 . 61 is vulnerable to an unquoted path service allowing local users to launch processes with elevate d privileges . [SEP]
LRP (+Pred, pos-only)
[CLS] T ##RI ##G ##ON ##E Remote System Monitor 3 . 61 is vulnerable to an unquoted path service allowing local users to launch processes with elevate d privileges . [SEP]
LIME (words)
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.
SHAP (words)
TRIGONE Remote System Monitor 3. 61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges
#70 · cve_id CVE-2016-4508 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Cross-site scripting ( XSS ) ▁vulnerability ▁in ▁Rex ro th Bosch BL ADE control - Web VIS ▁3 . 0 . 2 ▁and ▁earlier ▁allows ▁remote ▁attackers ▁to inject ▁arbitrary ▁web sc ▁rip t ▁or HTML ▁via unspecified ▁vector s . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
SHAP (words)
Cross- site scripting ( XSS) vulnerability in Rexroth Bosch BLADEcontrol- WebVIS 3. 0. 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-site scripting ( XSS ) vulnerability in Rex ##roth Bosch B ##LA ##DE ##con ##tro ##l - Web ##VI ##S 3 . 0 . 2 and earlier allows remote attackers to inject arbitrary web sc r ip t or HTML via unspecified vectors . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-site scripting ( XSS ) vulnerability in Rex ##roth Bosch B ##LA ##DE ##con ##tro ##l - Web ##VI ##S 3 . 0 . 2 and earlier allows remote attackers to inject arbitrary web sc r ip t or HTML via unspecified vectors . [SEP]
LIME (words)
Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
SHAP (words)
Cross- site scripting ( XSS) vulnerability in Rexroth Bosch BLADEcontrol- WebVIS 3. 0. 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors
lrp-distilbert · Pred=NONE (0) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Cross-site scripting ( XSS ) vulnerability in Rex ##roth Bosch B ##LA ##DE ##con ##tro ##l - Web ##VI ##S 3 . 0 . 2 and earlier allows remote attackers to inject arbitrary web sc r ip t or HTML via unspecified vectors . [SEP]
LRP (+Pred, pos-only)
[CLS] Cross-site scripting ( XSS ) vulnerability in Rex ##roth Bosch B ##LA ##DE ##con ##tro ##l - Web ##VI ##S 3 . 0 . 2 and earlier allows remote attackers to inject arbitrary web sc r ip t or HTML via unspecified vectors . [SEP]
LIME (words)
Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
SHAP (words)
Cross- site scripting ( XSS) vulnerability in Rexroth Bosch BLADEcontrol- WebVIS 3. 0. 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors
#71 · cve_id CVE-2023-20705 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁a pu ▁there ▁is ▁a ▁po ssi ble ▁out ▁of ▁bound s ▁read ▁due ▁to ▁a ▁mi ssi ng ▁bound s ▁check . ▁This ▁could ▁lead ▁to ▁local ▁in for matio n ▁di sc los ure ▁with ▁no ▁additional ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . ▁Patch ▁ID : ▁AL PS 07 76 78 70 ; ▁Issue ▁ID : ▁AL PS 07 76 78 70 . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In apu there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870.
SHAP (words)
In apu there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870
lrp-bert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In a ##pu there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##7 ##7 ##6 ##7 ##8 ##70 ; Issue ID : AL ##PS ##0 ##7 ##7 ##6 ##7 ##8 ##70 . [SEP]
LRP (+Pred, pos-only)
[CLS] In a ##pu there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##7 ##7 ##6 ##7 ##8 ##70 ; Issue ID : AL ##PS ##0 ##7 ##7 ##6 ##7 ##8 ##70 . [SEP]
LIME (words)
In apu there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870.
SHAP (words)
In apu there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870
lrp-distilbert · Pred=NONE (0) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In a ##pu there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##7 ##7 ##6 ##7 ##8 ##70 ; Issue ID : AL ##PS ##0 ##7 ##7 ##6 ##7 ##8 ##70 . [SEP]
LRP (+Pred, pos-only)
[CLS] In a ##pu there is a p ##o ssi b ##le out of bounds read due to a mi ssi ng bounds check . This could lead to local info ##r matio n di sc los ##ure with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Patch ID : AL ##PS ##0 ##7 ##7 ##6 ##7 ##8 ##70 ; Issue ID : AL ##PS ##0 ##7 ##7 ##6 ##7 ##8 ##70 . [SEP]
LIME (words)
In apu there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870.
SHAP (words)
In apu there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870
#72 · cve_id CVE-2023-21092 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁In ▁retrieve Service Loc ked ▁of ▁Active Service s . java ▁there ▁is ▁a ▁po ssi ble ▁way ▁to dynamically ▁register ▁a ▁Broadcast Receiver ▁using permissions ▁of ▁System ▁App ▁due ▁to improper ▁input validation . ▁This ▁could ▁lead ▁to ▁local escalation ▁of ▁privilege ▁with ▁no ▁additional ▁execution ▁privileges ▁needed . User ▁interaction ▁is ▁not ▁needed ▁for ▁exploitation . Pro duct : ▁Android Versions : ▁Android - 11 ▁Android - 12 ▁Android - 12 L ▁Android - 13 And roid ▁ID : ▁A - 24 20 400 55 <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
In retrieveServiceLocked of ActiveServices.java there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242040055
SHAP (words)
In retrieveServiceLocked of ActiveServices. java there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11 Android- 12 Android- 12L Android- 13Android ID: A- 242040055
lrp-bert · Pred=HIGH (2) · p=0.99 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In retrieve ##S ##er ##vice ##L ##ock ##ed of Active ##S ##er ##vice ##s . java there is a p ##o ssi b ##le way to dynamically register a Broadcast Receiver using permissions of System App due to improper input validation . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 Android - 12 Android - 12 ##L Android - 13 ##A ##nd ##roid ID : A - 242 ##0 ##40 ##0 ##55 [SEP]
LRP (+Pred, pos-only)
[CLS] In retrieve ##S ##er ##vice ##L ##ock ##ed of Active ##S ##er ##vice ##s . java there is a p ##o ssi b ##le way to dynamically register a Broadcast Receiver using permissions of System App due to improper input validation . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 Android - 12 Android - 12 ##L Android - 13 ##A ##nd ##roid ID : A - 242 ##0 ##40 ##0 ##55 [SEP]
LIME (words)
In retrieveServiceLocked of ActiveServices.java there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242040055
SHAP (words)
In retrieveServiceLocked of ActiveServices. java there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11 Android- 12 Android- 12L Android- 13Android ID: A- 242040055
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] In retrieve ##S ##er ##vice ##L ##ock ##ed of Active ##S ##er ##vice ##s . java there is a p ##o ssi b ##le way to dynamically register a Broadcast Receiver using permissions of System App due to improper input validation . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 Android - 12 Android - 12 ##L Android - 13 ##A ##nd ##roid ID : A - 242 ##0 ##40 ##0 ##55 [SEP]
LRP (+Pred, pos-only)
[CLS] In retrieve ##S ##er ##vice ##L ##ock ##ed of Active ##S ##er ##vice ##s . java there is a p ##o ssi b ##le way to dynamically register a Broadcast Receiver using permissions of System App due to improper input validation . This could lead to local escalation of privilege with no additional exec u ##tion privileges needed . User int era ##ction is not needed for exploitation . Product : Android Versions : Android - 11 Android - 12 Android - 12 ##L Android - 13 ##A ##nd ##roid ID : A - 242 ##0 ##40 ##0 ##55 [SEP]
LIME (words)
In retrieveServiceLocked of ActiveServices.java there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242040055
SHAP (words)
In retrieveServiceLocked of ActiveServices. java there is a possible way to dynamically register a BroadcastReceiver using permissions of System App due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android- 11 Android- 12 Android- 12L Android- 13Android ID: A- 242040055
#73 · cve_id CVE-2023-37295 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=0.98 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
AMI s SP x ▁contains ▁a ▁vulnerability ▁in ▁the BMC ▁where ▁an Attacker ▁may cause ▁a ▁heap ▁memory ▁corruption ▁via ▁an ▁adjacent ▁network . ▁A ▁successful ▁exploitation of ▁this ▁vulnerability ▁may ▁lead ▁to ▁a ▁loss ▁of confidentiality ▁integrity ▁and / ora vail ability . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
AMI’sSPx contains a vulnerability in the BMC where an Attacker maycause a heap memory corruption via an adjacent network. A successful exploitationof this vulnerability may lead to a loss of confidentiality integrity and/oravailability.
SHAP (words)
AMI’ sSPx contains a vulnerability in the BMC where an Attacker maycause a heap memory corruption via an adjacent network. A successful exploitationof this vulnerability may lead to a loss of confidentiality integrity and/ oravailability
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] AMI s ##SP ##x contains a vulnerability in the BMC where an Attacker may ##ca ##use a heap memory corruption via an adjacent network . A successful exploitation ##of this vulnerability may lead to a loss of confidentiality int e ##g ##rity and / or ##ava ##ila ##bility . [SEP]
LRP (+Pred, pos-only)
[CLS] AMI s ##SP ##x contains a vulnerability in the BMC where an Attacker may ##ca ##use a heap memory corruption via an adjacent network . A successful exploitation ##of this vulnerability may lead to a loss of confidentiality int e ##g ##rity and / or ##ava ##ila ##bility . [SEP]
LIME (words)
AMI’sSPx contains a vulnerability in the BMC where an Attacker maycause a heap memory corruption via an adjacent network. A successful exploitationof this vulnerability may lead to a loss of confidentiality integrity and/oravailability.
SHAP (words)
AMI’ sSPx contains a vulnerability in the BMC where an Attacker maycause a heap memory corruption via an adjacent network. A successful exploitationof this vulnerability may lead to a loss of confidentiality integrity and/ oravailability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] AMI s ##SP ##x contains a vulnerability in the BMC where an Attacker may ##ca ##use a heap memory corruption via an adjacent network . A successful exploitation ##of this vulnerability may lead to a loss of confidentiality int e ##g ##rity and / or ##ava ##ila ##bility . [SEP]
LRP (+Pred, pos-only)
[CLS] AMI s ##SP ##x contains a vulnerability in the BMC where an Attacker may ##ca ##use a heap memory corruption via an adjacent network . A successful exploitation ##of this vulnerability may lead to a loss of confidentiality int e ##g ##rity and / or ##ava ##ila ##bility . [SEP]
LIME (words)
AMI’sSPx contains a vulnerability in the BMC where an Attacker maycause a heap memory corruption via an adjacent network. A successful exploitationof this vulnerability may lead to a loss of confidentiality integrity and/oravailability.
SHAP (words)
AMI’ sSPx contains a vulnerability in the BMC where an Attacker maycause a heap memory corruption via an adjacent network. A successful exploitationof this vulnerability may lead to a loss of confidentiality integrity and/ oravailability
#74 · cve_id CVE-2022-30260 · a
GT=HIGH (2)
xlnet · Pred=NONE (0) · p=0.83 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁Emerson DeltaV Distributed ▁Control ▁System ( DCS ) ▁has ▁insufficient verification ▁of firmware ▁integrity ( an ▁inadequate checksum ▁approach ▁and ▁no ▁signature ) . ▁This ▁affects ▁versions ▁before ▁14 . 3 ▁of DeltaV ▁M - series DeltaV S - series DeltaV ▁P - series DeltaV SIS ▁and DeltaV CIO C / E I OC / W I OC IO ▁cards . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach and no signature). This affects versions before 14.3 of DeltaV M-series DeltaV S-series DeltaV P-series DeltaV SIS and DeltaV CIOC/EIOC/WIOC IO cards.
SHAP (words)
Emerson DeltaV Distributed Control System ( DCS) has insufficient verification of firmware integrity ( an inadequate checksum approach and no signature). This affects versions before 14. 3 of DeltaV M- series DeltaV S- series DeltaV P- series DeltaV SIS and DeltaV CIOC/ EIOC/ WIOC IO cards
lrp-bert · Pred=NONE (0) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Emerson DeltaV Distributed Control System ( DCS ) has insufficient verification of firmware int e ##g ##rity ( an inadequate checksum approach and no signature ) . This affects versions before 14 . 3 of DeltaV M - series DeltaV S - series DeltaV P - series DeltaV S ##IS and DeltaV CI O ##C / E IO C / W IO C IO cards . [SEP]
LRP (+Pred, pos-only)
[CLS] Emerson DeltaV Distributed Control System ( DCS ) has insufficient verification of firmware int e ##g ##rity ( an inadequate checksum approach and no signature ) . This affects versions before 14 . 3 of DeltaV M - series DeltaV S - series DeltaV P - series DeltaV S ##IS and DeltaV CI O ##C / E IO C / W IO C IO cards . [SEP]
LIME (words)
Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach and no signature). This affects versions before 14.3 of DeltaV M-series DeltaV S-series DeltaV P-series DeltaV SIS and DeltaV CIOC/EIOC/WIOC IO cards.
SHAP (words)
Emerson DeltaV Distributed Control System ( DCS) has insufficient verification of firmware integrity ( an inadequate checksum approach and no signature). This affects versions before 14. 3 of DeltaV M- series DeltaV S- series DeltaV P- series DeltaV SIS and DeltaV CIOC/ EIOC/ WIOC IO cards
lrp-distilbert · Pred=HIGH (2) · p=0.88 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Emerson DeltaV Distributed Control System ( DCS ) has insufficient verification of firmware int e ##g ##rity ( an inadequate checksum approach and no signature ) . This affects versions before 14 . 3 of DeltaV M - series DeltaV S - series DeltaV P - series DeltaV S ##IS and DeltaV CI O ##C / E IO C / W IO C IO cards . [SEP]
LRP (+Pred, pos-only)
[CLS] Emerson DeltaV Distributed Control System ( DCS ) has insufficient verification of firmware int e ##g ##rity ( an inadequate checksum approach and no signature ) . This affects versions before 14 . 3 of DeltaV M - series DeltaV S - series DeltaV P - series DeltaV S ##IS and DeltaV CI O ##C / E IO C / W IO C IO cards . [SEP]
LIME (words)
Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach and no signature). This affects versions before 14.3 of DeltaV M-series DeltaV S-series DeltaV P-series DeltaV SIS and DeltaV CIOC/EIOC/WIOC IO cards.
SHAP (words)
Emerson DeltaV Distributed Control System ( DCS) has insufficient verification of firmware integrity ( an inadequate checksum approach and no signature). This affects versions before 14. 3 of DeltaV M- series DeltaV S- series DeltaV P- series DeltaV SIS and DeltaV CIOC/ EIOC/ WIOC IO cards
#75 · cve_id CVE-2023-36740 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁3 D Viewer Remote ▁Code Execution Vulnerability <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
3D Viewer Remote Code Execution Vulnerability
SHAP (words)
3D Viewer Remote Code Execution Vulnerability
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] 3D Viewer Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] 3D Viewer Remote Code Execution Vulnerability [SEP]
LIME (words)
3D Viewer Remote Code Execution Vulnerability
SHAP (words)
3D Viewer Remote Code Execution Vulnerability
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] 3D Viewer Remote Code Execution Vulnerability [SEP]
LRP (+Pred, pos-only)
[CLS] 3D Viewer Remote Code Execution Vulnerability [SEP]
LIME (words)
3D Viewer Remote Code Execution Vulnerability
SHAP (words)
3D Viewer Remote Code Execution Vulnerability
#76 · cve_id CVE-2021-42755 · a
GT=LOW (1)
xlnet · Pred=HIGH (2) · p=1.00 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁An ▁integer overflow / ▁wrap around ▁vulnerability ▁[ C WE - 190 ] ▁in ▁For ti Switch ▁7 . 0 . 2 ▁and ▁below ▁6 . 4 . 9 ▁and ▁below ▁6 . 2 . x ▁6 . 0 . x ; ▁For ti Recorder ▁6 . 4 . 2 ▁and ▁below ▁6 . 0 . 10 ▁and ▁below ; FortiOS ▁7 . 0 . 2 ▁and ▁below ▁6 . 4 . 8 ▁and ▁below ▁6 . 2 . 10 ▁and ▁below ▁6 . 0 . x ; FortiProxy ▁7 . 0 . 0 ▁2 . 0 . 6 ▁and ▁below ▁1 . 2 . x ▁1 . 1 . x ▁1 . 0 . x ; ▁For ti V o ice En ter prise ▁6 . 4 . 3 ▁and ▁below ▁6 . 0 . 10 ▁and ▁below dh c p d daemon ▁may ▁allow ▁an unauthenticated ▁and ▁network ▁adjacent ▁attacker ▁to ▁crash ▁the dh c p d ▁de a mon ▁resulting ▁in ▁potential ▁denial ▁of ▁service . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below 6.4.9 and below 6.2.x 6.0.x; FortiRecorder 6.4.2 and below 6.0.10 and below; FortiOS 7.0.2 and below 6.4.8 and below 6.2.10 and below 6.0.x; FortiProxy 7.0.0 2.0.6 and below 1.2.x 1.1.x 1.0.x; FortiVoiceEnterprise 6.4.3 and below 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon resulting in potential denial of service.
SHAP (words)
An integer overflow / wraparound vulnerability [ CWE- 190] in FortiSwitch 7. 0. 2 and below 6. 4. 9 and below 6. 2. x 6. 0. x; FortiRecorder 6. 4. 2 and below 6. 0. 10 and below; FortiOS 7. 0. 2 and below 6. 4. 8 and below 6. 2. 10 and below 6. 0. x; FortiProxy 7. 0. 0 2. 0. 6 and below 1. 2. x 1. 1. x 1. 0. x; FortiVoiceEnterprise 6. 4. 3 and below 6. 0. 10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon resulting in potential denial of service
lrp-bert · Pred=HIGH (2) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An int e ##ger overflow / wrap ##around vulnerability [ CW ##E - 190 ] in Fort ##i Switch 7 . 0 . 2 and below 6 . 4 . 9 and below 6 . 2 . x 6 . 0 . x ; Fort ##i Recorder 6 . 4 . 2 and below 6 . 0 . 10 and below ; FortiOS 7 . 0 . 2 and below 6 . 4 . 8 and below 6 . 2 . 10 and below 6 . 0 . x ; FortiProxy 7 . 0 . 0 2 . 0 . 6 and below 1 . 2 . x 1 . 1 . x 1 . 0 . x ; Fort ##i ##V ##oi ##ce ##E ##nter ##prise 6 . 4 . 3 and below 6 . 0 . 10 and below d ##h ##c ##p ##d daemon may allow an unauthenticated and network adjacent attacker to crash the d ##h ##c ##p ##d de ##amon resulting in potential denial of service . [SEP]
LRP (+Pred, pos-only)
[CLS] An int e ##ger overflow / wrap ##around vulnerability [ CW ##E - 190 ] in Fort ##i Switch 7 . 0 . 2 and below 6 . 4 . 9 and below 6 . 2 . x 6 . 0 . x ; Fort ##i Recorder 6 . 4 . 2 and below 6 . 0 . 10 and below ; FortiOS 7 . 0 . 2 and below 6 . 4 . 8 and below 6 . 2 . 10 and below 6 . 0 . x ; FortiProxy 7 . 0 . 0 2 . 0 . 6 and below 1 . 2 . x 1 . 1 . x 1 . 0 . x ; Fort ##i ##V ##oi ##ce ##E ##nter ##prise 6 . 4 . 3 and below 6 . 0 . 10 and below d ##h ##c ##p ##d daemon may allow an unauthenticated and network adjacent attacker to crash the d ##h ##c ##p ##d de ##amon resulting in potential denial of service . [SEP]
LIME (words)
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below 6.4.9 and below 6.2.x 6.0.x; FortiRecorder 6.4.2 and below 6.0.10 and below; FortiOS 7.0.2 and below 6.4.8 and below 6.2.10 and below 6.0.x; FortiProxy 7.0.0 2.0.6 and below 1.2.x 1.1.x 1.0.x; FortiVoiceEnterprise 6.4.3 and below 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon resulting in potential denial of service.
SHAP (words)
An integer overflow / wraparound vulnerability [ CWE- 190] in FortiSwitch 7. 0. 2 and below 6. 4. 9 and below 6. 2. x 6. 0. x; FortiRecorder 6. 4. 2 and below 6. 0. 10 and below; FortiOS 7. 0. 2 and below 6. 4. 8 and below 6. 2. 10 and below 6. 0. x; FortiProxy 7. 0. 0 2. 0. 6 and below 1. 2. x 1. 1. x 1. 0. x; FortiVoiceEnterprise 6. 4. 3 and below 6. 0. 10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon resulting in potential denial of service
lrp-distilbert · Pred=HIGH (2) · p=0.99 MIS
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] An int e ##ger overflow / wrap ##around vulnerability [ CW ##E - 190 ] in Fort ##i Switch 7 . 0 . 2 and below 6 . 4 . 9 and below 6 . 2 . x 6 . 0 . x ; Fort ##i Recorder 6 . 4 . 2 and below 6 . 0 . 10 and below ; FortiOS 7 . 0 . 2 and below 6 . 4 . 8 and below 6 . 2 . 10 and below 6 . 0 . x ; FortiProxy 7 . 0 . 0 2 . 0 . 6 and below 1 . 2 . x 1 . 1 . x 1 . 0 . x ; Fort ##i ##V ##oi ##ce ##E ##nter ##prise 6 . 4 . 3 and below 6 . 0 . 10 and below d ##h ##c ##p ##d daemon may allow an unauthenticated and network adjacent attacker to crash the d ##h ##c ##p ##d de ##amon resulting in potential denial of service . [SEP]
LRP (+Pred, pos-only)
[CLS] An int e ##ger overflow / wrap ##around vulnerability [ CW ##E - 190 ] in Fort ##i Switch 7 . 0 . 2 and below 6 . 4 . 9 and below 6 . 2 . x 6 . 0 . x ; Fort ##i Recorder 6 . 4 . 2 and below 6 . 0 . 10 and below ; FortiOS 7 . 0 . 2 and below 6 . 4 . 8 and below 6 . 2 . 10 and below 6 . 0 . x ; FortiProxy 7 . 0 . 0 2 . 0 . 6 and below 1 . 2 . x 1 . 1 . x 1 . 0 . x ; Fort ##i ##V ##oi ##ce ##E ##nter ##prise 6 . 4 . 3 and below 6 . 0 . 10 and below d ##h ##c ##p ##d daemon may allow an unauthenticated and network adjacent attacker to crash the d ##h ##c ##p ##d de ##amon resulting in potential denial of service . [SEP]
LIME (words)
An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below 6.4.9 and below 6.2.x 6.0.x; FortiRecorder 6.4.2 and below 6.0.10 and below; FortiOS 7.0.2 and below 6.4.8 and below 6.2.10 and below 6.0.x; FortiProxy 7.0.0 2.0.6 and below 1.2.x 1.1.x 1.0.x; FortiVoiceEnterprise 6.4.3 and below 6.0.10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon resulting in potential denial of service.
SHAP (words)
An integer overflow / wraparound vulnerability [ CWE- 190] in FortiSwitch 7. 0. 2 and below 6. 4. 9 and below 6. 2. x 6. 0. x; FortiRecorder 6. 4. 2 and below 6. 0. 10 and below; FortiOS 7. 0. 2 and below 6. 4. 8 and below 6. 2. 10 and below 6. 0. x; FortiProxy 7. 0. 0 2. 0. 6 and below 1. 2. x 1. 1. x 1. 0. x; FortiVoiceEnterprise 6. 4. 3 and below 6. 0. 10 and below dhcpd daemon may allow an unauthenticated and network adjacent attacker to crash the dhcpd deamon resulting in potential denial of service
#77 · cve_id CVE-2023-39809 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁N . V . K . INTER ▁CO . ▁L TD . ( NV K ) i BS G ▁v 3 . 5 ▁was ▁di sc ▁over ed ▁to ▁contain ▁a ▁command inject ion ▁vulnerability ▁via ▁the ▁system _ hostname param eter ▁at / man age / network - bas ic . php . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
N.V.K.INTER CO. LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php.
SHAP (words)
N. V. K. INTER CO. LTD. ( NVK) iBSG v3. 5 was discovered to contain a command injection vulnerability via the system_hostname parameter at / manage/ network- basic. php
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] N . V . K . I NT ER CO . L ##T ##D . ( N ##V ##K ) i ##BS ##G v ##3 . 5 was di sc over ##ed to contain a command inject ion vulnerability via the system _ hostname param et ##er at / manage / network - basic . php . [SEP]
LRP (+Pred, pos-only)
[CLS] N . V . K . I NT ER CO . L ##T ##D . ( N ##V ##K ) i ##BS ##G v ##3 . 5 was di sc over ##ed to contain a command inject ion vulnerability via the system _ hostname param et ##er at / manage / network - basic . php . [SEP]
LIME (words)
N.V.K.INTER CO. LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php.
SHAP (words)
N. V. K. INTER CO. LTD. ( NVK) iBSG v3. 5 was discovered to contain a command injection vulnerability via the system_hostname parameter at / manage/ network- basic. php
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] N . V . K . I NT ER CO . L ##T ##D . ( N ##V ##K ) i ##BS ##G v ##3 . 5 was di sc over ##ed to contain a command inject ion vulnerability via the system _ hostname param et ##er at / manage / network - basic . php . [SEP]
LRP (+Pred, pos-only)
[CLS] N . V . K . I NT ER CO . L ##T ##D . ( N ##V ##K ) i ##BS ##G v ##3 . 5 was di sc over ##ed to contain a command inject ion vulnerability via the system _ hostname param et ##er at / manage / network - basic . php . [SEP]
LIME (words)
N.V.K.INTER CO. LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php.
SHAP (words)
N. V. K. INTER CO. LTD. ( NVK) iBSG v3. 5 was discovered to contain a command injection vulnerability via the system_hostname parameter at / manage/ network- basic. php
#78 · cve_id CVE-2019-3011 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
Vulnerability ▁in ▁the MySQL ▁Server ▁product ▁of ▁Oracle MySQL ( com ponent : ▁Server : ▁C ▁API ) . Supported ▁versions ▁that ▁are ▁affected ▁are ▁8 . 0 . 17 ▁and ▁prior . Easily exploitable ▁vulnerability ▁allows ▁low ▁privileged ▁attacker ▁with ▁network ▁access ▁via ▁multiple ▁protocols ▁to ▁compromise MySQL ▁Server . Successful ▁attacks ▁of ▁this ▁vulnerability ▁can ▁result ▁in unauthorized ▁ability ▁to ▁cause ▁a ▁hang ▁or ▁frequently repeatable ▁crash ( complete ▁DO S ) ▁of MySQL ▁Server . CVSS ▁3 . 0 ▁Base ▁Score ▁6 . 5 ( Availability ▁impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : L / UI : N / S : U / C : N / I : N / A : H ) . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
SHAP (words)
Vulnerability in the MySQL Server product of Oracle MySQL ( component: Server: C API). Supported versions that are affected are 8. 0. 17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS) of MySQL Server. CVSS 3. 0 Base Score 6. 5 ( Availability impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: L/ PR: L/ UI: N/ S: U/ C: N/ I: N/ A: H
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the MySQL Server product of Oracle MySQL ( component : Server : C A PI ) . Supported versions that are affected are 8 . 0 . 17 and prior . Easily exploitable vulnerability allows low privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of MySQL Server . CVSS 3 . 0 Base Score 6 . 5 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : L / UI : N / S : U / C : N / I : N / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the MySQL Server product of Oracle MySQL ( component : Server : C A PI ) . Supported versions that are affected are 8 . 0 . 17 and prior . Easily exploitable vulnerability allows low privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of MySQL Server . CVSS 3 . 0 Base Score 6 . 5 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : L / UI : N / S : U / C : N / I : N / A : H ) . [SEP]
LIME (words)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
SHAP (words)
Vulnerability in the MySQL Server product of Oracle MySQL ( component: Server: C API). Supported versions that are affected are 8. 0. 17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS) of MySQL Server. CVSS 3. 0 Base Score 6. 5 ( Availability impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: L/ PR: L/ UI: N/ S: U/ C: N/ I: N/ A: H
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] Vulnerability in the MySQL Server product of Oracle MySQL ( component : Server : C A PI ) . Supported versions that are affected are 8 . 0 . 17 and prior . Easily exploitable vulnerability allows low privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of MySQL Server . CVSS 3 . 0 Base Score 6 . 5 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : L / UI : N / S : U / C : N / I : N / A : H ) . [SEP]
LRP (+Pred, pos-only)
[CLS] Vulnerability in the MySQL Server product of Oracle MySQL ( component : Server : C A PI ) . Supported versions that are affected are 8 . 0 . 17 and prior . Easily exploitable vulnerability allows low privileged attacker with network access via m ##ult ip le protocols to compromise MySQL Server . Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS ) of MySQL Server . CVSS 3 . 0 Base Score 6 . 5 ( Availability impacts ) . CVSS Vector : ( CVSS : 3 . 0 / AV : N / AC : L / PR : L / UI : N / S : U / C : N / I : N / A : H ) . [SEP]
LIME (words)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: C API). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
SHAP (words)
Vulnerability in the MySQL Server product of Oracle MySQL ( component: Server: C API). Supported versions that are affected are 8. 0. 17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash ( complete DOS) of MySQL Server. CVSS 3. 0 Base Score 6. 5 ( Availability impacts). CVSS Vector: ( CVSS: 3. 0/ AV: N/ AC: L/ PR: L/ UI: N/ S: U/ C: N/ I: N/ A: H
#79 · cve_id CVE-2020-6869 · a
GT=NONE (0)
xlnet · Pred=NONE (0) · p=0.87 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁All ▁versions ▁up ▁to ▁10 . 06 ▁of ZTE ▁Market APK ▁are ▁impacted ▁by ▁an ▁in for matio n ▁leak ▁vulnerability . ▁Due ▁to Activity Component ▁exposure ▁users ▁can ▁exploit ▁this ▁vulnerability ▁to ▁get ▁the ▁private ▁cookie ▁and ▁execute ▁silent ▁installation . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.
SHAP (words)
All versions up to 10. 06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation
lrp-bert · Pred=NONE (0) · p=0.64 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] All versions up to 10 . 06 of ZTE Market APK are impacted by an info ##r matio n leak vulnerability . Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and exec u ##te silent installation . [SEP]
LRP (+Pred, pos-only)
[CLS] All versions up to 10 . 06 of ZTE Market APK are impacted by an info ##r matio n leak vulnerability . Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and exec u ##te silent installation . [SEP]
LIME (words)
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.
SHAP (words)
All versions up to 10. 06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation
lrp-distilbert · Pred=NONE (0) · p=0.94 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] All versions up to 10 . 06 of ZTE Market APK are impacted by an info ##r matio n leak vulnerability . Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and exec u ##te silent installation . [SEP]
LRP (+Pred, pos-only)
[CLS] All versions up to 10 . 06 of ZTE Market APK are impacted by an info ##r matio n leak vulnerability . Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and exec u ##te silent installation . [SEP]
LIME (words)
All versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.
SHAP (words)
All versions up to 10. 06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation
#80 · cve_id CVE-2020-28212 · a
GT=HIGH (2)
xlnet · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
▁A ▁C WE - 30 7 : Improper Restriction ▁of Excessive Authentication Attempts ▁vulnerability ▁exists ▁in PLC Simulator ▁on EcoStruxureª ▁Control Expert ( now ▁Unity ▁Pro ) ( all ▁versions ) ▁that ▁could ▁cause unauthorized ▁command ▁execution ▁when ▁a brute ▁force ▁attack ▁is ▁done ▁over Modbus . <sep> <cls>
LRP (+Pred, pos-only)
n/a
LIME (words)
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.
SHAP (words)
A CWE- 307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert ( now Unity Pro) ( all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus
lrp-bert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A CW ##E - 307 : Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert ( now Unity Pro ) ( all versions ) that could cause unauthorized command exec u ##tion when a brute force attack is done over Modbus . [SEP]
LRP (+Pred, pos-only)
[CLS] A CW ##E - 307 : Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert ( now Unity Pro ) ( all versions ) that could cause unauthorized command exec u ##tion when a brute force attack is done over Modbus . [SEP]
LIME (words)
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.
SHAP (words)
A CWE- 307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert ( now Unity Pro) ( all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus
lrp-distilbert · Pred=HIGH (2) · p=1.00 TP
Row 1: IG / LRP(+Pred) · Row 2: LIME / SHAP
IG (subwords)
[CLS] A CW ##E - 307 : Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert ( now Unity Pro ) ( all versions ) that could cause unauthorized command exec u ##tion when a brute force attack is done over Modbus . [SEP]
LRP (+Pred, pos-only)
[CLS] A CW ##E - 307 : Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert ( now Unity Pro ) ( all versions ) that could cause unauthorized command exec u ##tion when a brute force attack is done over Modbus . [SEP]
LIME (words)
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.
SHAP (words)
A CWE- 307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert ( now Unity Pro) ( all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus